Nonprofit Identity Theft Resource Center's "2023 Business Impact Report" showed 73% of 551 U.S.-based small and medium-sized businesses were impacted by a data breach this year, Infosecurity Magazine reports. Breach preparedness was high among respondents at 85%, but less than 50% adopted cybersecurity best practices, including multifactor authentication, mandatory password strength and authorized employee access.Full story... Read More

The U.K. Information Commissioner’s Office issued a six-step guide for small businesses that receive data protection complaints. The steps are to acknowledge receipt of the complaint, find out the specific issue related to the complaint, provide updates to the data subject, record actions taken in response to complaint, formally respond to the individual with the outcome of the investigation, and review lessons observed.  Full Story... Read More

A report by Stericycle’s information security service Shred-it found 63% of high-ranking executives and 67% of small U.S. businesses do not have an incident response plan, while 75% of large U.S. businesses have experienced a data breach, Venture Beat reports. Also, one in four North American businesses expressed concerns a data breach is likely in the next 12 months. For consumers, nearly 70% of those surveyed were impacted by a data breach in 2021.Full Story... Read More

Ryan McErlane knows the challenges small- and medium-sized enterprises face on a daily basis, as he is the co-founder of one himself. McErlane heads up Dataships, a privacy technology vendor based out of Ireland that has created a solution specifically geared toward SMEs. While privacy tech vendors have focused on large, multinational organizations, McErlane said SMEs have not received the same level of attention. Now that those companies are starting to catch the eye of regulators, McErlane be... Read More

The Wall Street Journal reports small- and medium-sized businesses are voicing concerns over how Apple's App Tracking Transparency framework will affect business models and competition. Facebook previously spoke out on negative effects for businesses stemming from ATT, and now SMEs are becoming equally skeptical. John Merris, CEO of startup retailer Solo Stove, said he is "not in the camp that privacy doesn’t matter" but does question "where is the right place to draw the line? And why is Apple ... Read More

Collection and analysis of personal data on a mass scale are essential for businesses to enhance their decision-making processes, better understand their customers and serve them personalized services. While individuals enjoy reaping the benefits of personal services, there is a growing concern over privacy. According to Pew Research, 81% of Americans report they feel a lack of control over their personal data and are highly concerned about how their data is used and shared. To give individual... Read More

Axios reports the potential impact of the invalidation of the EU-U.S. Privacy Shield agreement may differ depending on business size. While larger companies may be able to rely on the more complex and expensive standard contractual clauses to continue data transfers, small- to medium-sized enterprises may face a tougher road. "As with any compliance concern, it's a matter of capacity for small and medium businesses," said Better Business Bureau National Programs Deputy Director, Privacy Initiati... Read More

Since the EU General Data Protection Regulation went into effect, most American companies have been inundated with contract addenda from vendors, customers and just about everyone else with whom they do business, intended to respond to the privacy requirements of the GDPR. In this piece for The Privacy Advisor, Hinshaw & Culbertson Partner David Levitt explains why American companies without significant EU-based assets may not need to sign such addenda.Full Story... Read More

A study by the Data & Marketing Association found 10% of small- to medium-sized businesses in the U.K. are fully compliant with the EU General Data Protection Regulation, while 25% are only in the early stages, MediaPost reports. Of the 293 marketing executives surveyed, 68% said their company has a moderate to good understanding of the GDPR, while 74% rated their company’s knowledge as high. “There is a concern about knowledge gaps and training made available in medium-sized businesses” reg... Read More

A study conducted by insurer Hiscox found while small businesses suffered cyberattacks, many of them did not take action to prevent further incidents, USA Today reports. The study found 47 percent of small businesses suffered one cyberattack in 2017, while 44 percent said they experienced between two and four incidents. Despite the amount of cyberattacks, approximately half of small businesses said they had a cybersecurity strategy, with two-thirds admitting they did not enhance security followi... Read More

Data security and privacy concerns are everyone’s challenge because any modern business is dependent on technology in some way. However, security and privacy is not an equal challenge for every business. For established companies, addressing the issue of data security may be a nuisance, but their vast resources can make compliance easier by facilitating the hire of a sophisticated IT security vendor or an experienced data security expert. For cash-strapped startup companies that prioritize growt... Read More