{"id":67,"date":"2017-07-03T18:19:49","date_gmt":"2017-07-03T22:19:49","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=67"},"modified":"2017-08-11T13:40:53","modified_gmt":"2017-08-11T17:40:53","slug":"safe-harbor-from-data-breach-notification","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/","title":{"rendered":"Safe Harbor From Data Breach Notification"},"content":{"rendered":"

The purpose of data breach laws is to encourage organizations to take measures to protect their sensitive data. After a data breach, a business must comply with the state data breach notification statutes where its customers are located. States normally define a \u201cbreach\u201d as either \u201cunauthorized acquisition\u201d or \u201cunauthorized access\u201d of personal information.<\/p>\n

Risk of Harm Analysis<\/h3>\n

Some state statutes include a \u201crisk of harm analysis\u201d that triggers the notification requirement. This analysis allows a business to determine\u00a0if there is a reasonable likelihood of harm that an intruder will use any sensitive information for harmful purposes, such as identity theft or fraud. However, many statutes have requirements to utilize this provision, such as documenting the risk determination and notifying a state agency.<\/p>\n

Once notification is triggered, a business must send notifications to affected individuals who were compromised by the breach. Some statutes also require notifying state agencies and credit agencies.<\/p>\n

\"\"Safe Harbor Provision<\/h3>\n

Many statutes include a safe harbor provision to reward businesses for encrypting their data. This provision allows an organization\u00a0to portray the security event as an \u201cincident\u201d instead of declaring it\u00a0had a \u201cbreach.\u201d Importantly, this provision relieves the business from the expense and humiliation of having to send out breach notifications.<\/p>\n

To use a safe harbor, the breached organization must prove that it encrypted the sensitive data in accordance with the state statute. Many state statutes specify a safe harbor for encryption where the trigger for notification is unauthorized access or acquisition of personal \u201cunencrypted computerized data.” Other state breach statutes do not define encryption at all. Meanwhile, some states have defined \u201cbreach\u201d or \u201cpersonal information\u201d to specifically exclude encrypted data where the unauthorized person has the key required to decrypt the data. This exclusion creates the argument that encrypted data no longer has a safe harbor from notification.<\/p>\n

For more information,\u00a0visit these links:<\/p>\n

Search State Data Breach Laws<\/a><\/p>\n

Data Breaches and the Encryption Safe Harbor<\/a><\/p>\n

State Data Breach Notification Laws Just Got Crazier<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The purpose of data breach laws is to encourage organizations to take measures to protect their sensitive data. After a data breach, a business must comply with the state data breach notification statutes where its […]<\/p>\n","protected":false},"author":1,"featured_media":167,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[21,23,22,20],"yoast_head":"\nSafe Harbor From Data Breach Notification - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Safe Harbor From Data Breach Notification - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-03T22:19:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-08-11T17:40:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/07\/safe-harbor.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Safe Harbor From Data Breach Notification\",\"datePublished\":\"2017-07-03T22:19:49+00:00\",\"dateModified\":\"2017-08-11T17:40:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\"},\"wordCount\":336,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"encryption\",\"notification\",\"risk of harm\",\"safe harbor\"],\"articleSection\":[\"Data Breach Laws\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\",\"name\":\"Safe Harbor From Data Breach Notification - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2017-07-03T22:19:49+00:00\",\"dateModified\":\"2017-08-11T17:40:53+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Safe Harbor From Data Breach Notification\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Safe Harbor From Data Breach Notification - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/","og_locale":"en_US","og_type":"article","og_title":"Safe Harbor From Data Breach Notification - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/","og_site_name":"Cyber Law Blog","article_published_time":"2017-07-03T22:19:49+00:00","article_modified_time":"2017-08-11T17:40:53+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/07\/safe-harbor.png","type":"image\/png"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Safe Harbor From Data Breach Notification","datePublished":"2017-07-03T22:19:49+00:00","dateModified":"2017-08-11T17:40:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/"},"wordCount":336,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["encryption","notification","risk of harm","safe harbor"],"articleSection":["Data Breach Laws"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/","url":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/","name":"Safe Harbor From Data Breach Notification - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2017-07-03T22:19:49+00:00","dateModified":"2017-08-11T17:40:53+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/safe-harbor-from-data-breach-notification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Safe Harbor From Data Breach Notification"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/67"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":11,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":298,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions\/298"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/167"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}