Personal Data Safety Increased
The Trump administration has placed restrictions on companies that deal in personal data or security-related data. Executive Order 14117, titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern,” has been enacted with a final rule from the DOJ. This action places “the first national security-focused restrictions on the transfer or export of sensitive personal and government-related data to designated foreign adversaries.” Six countries are named (all malevolent actors) plus anyone acting on their behalf. With the increasing awareness of penetration of American data systems by Chinese and North Korean hackers in particular, this has come none too soon.
Employers are reminded to report any data breaches to state and local authorities, especially when employees’ private personal data may be at risk. Systems should be taken offline but NOT shut down until forensic experts have a chance to examine them. If health records are compromised, the FTC must also be notified. For employers covered by HIPAA, HHS must also be notified. Following are the relevant contact sites:
HIPAA Breach Notification Rule:
hhs.gov/hipaa/for-professionals/breach-notification
HHS HIPAA Breach Notification Form:
hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting
Complying with the FTC’s Health Breach Notification Rule:
ftc.gov/healthbreachnotificationrule
IF Social Security numbers are included in the breach, notify these entities:
Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872
Also notify the employees affected, of course.