The new South Dakota Breach Notification Law was enacted on July 1, 2018. While the organizations throughout the state are learning more about the rules, wording, & procedures as the days go by, a North Carolina federal court decision has made a ruling that could impact the rest of the nation.
“According to a recent federal court decision, an employee who is tricked into sharing personal information in response to a phishing email can be seen as committing an intentional disclosure under the North Carolina Identity Theft Protection Act (NCITPA). As a result, the employer could face treble damages for the employee’s mistake, adding a new element to potential exposure for businesses.” (KnowBe4)
This ruling highlights what is considered intentional vs. unintentional. One would argue that the person was still unintentionally providing the information, but the courts rebut that clause by saying they were intentionally sending it to a particular person with particular content. “The federal court rejected Schletter’s argument, finding that the e-mail response, “while solicited under false pretenses, was intentionally made.” (KnowBe4)
Although this court case is in North Carolina, it could set a standard for the rest of the nation to follow in this new “Data Breach Notification/Identify Theft Protection” era. Now is the time to invest in your network in the event something happens & awareness training.
Read more here: https://goo.gl/2T3Qfy