SECURING YOUR DATABASE

In the era of modern technology, effective database security is more important than ever. Your business stores a range of sensitive information (for clients and employees), all of which needs to be kept safe at all times. Should any of that data get exposed, either by malicious hackers or internal human error on your staff’s part, it could very quickly lead to severe consequences for your business: loss of business, loss of your clients’ trust, financial damages, lawsuits, compliance infractions, or worse. Don’t let it happen to you.

Why Should Database Security Be Enhanced?

Information stored in your business database is more than likely to be misused, either by hackers who want to access, steal or corrupt it, or simply by employees who aren’t entirely sure of what they’re doing. Additionally, the database is at risk of malware infections that may lead to unwanted effects, unauthorized access, or deletion of crucial data. Data breaches can cause an overload that would result in poor business performance and lower operational efficiency. Besides, if hackers access your private business data, it could lead to data corruption and inappropriate activity that would potentially damage your reputation. That’s why it’s so important for you to enhance database security by employing various strategies aimed at protecting the information from any unauthorized access. These strategies involve physical, administrative, and software controls. They include:

Enhancement of Physical Database Security
It may sound simple, but it’s a vitally important part of database security: make sure your servers are protected by physical security measures such as locked closets, numbered keypads, and video surveillance. Similarly, run your database on machines separate from those running your web servers. Web servers are publicly accessible, so they are at a higher risk of being hacked, and a compromised web server can give an attacker a path into a database hosted on the same machine.

Use of Database Firewalls
A firewall will help to enhance the security of the database by denying access to traffic from unidentified sources and by restricting unnecessary outbound connections. It allows only the few web or application servers that have been identified as needing access to the data. Web application firewalls can also be used to block attacks such as SQL injection, which have the potential to delete database information.

Encryption of Data
Encryption should be a foundational aspect of your cybersecurity practices, especially those concerning your database. In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database, given that decryption can only occur through a key, which is essentially a “secret password”. You therefore need up-to-date encryption software to ensure that private information is only accessible through the database program.

Use of Secure Passwords
Given that a password grants access to your database, it is imperative that you ensure it is complex enough that it can’t be easily guessed. In recent years, hackers have developed sophisticated tools and systems for identifying simple passwords. Therefore, combining letters, numbers, and symbols is a simple way to ensure your passwords are more difficult for hackers to crack using their standard methods.

Auditing and Monitoring Database Activity
Regular database auditing and monitoring help to detect any unusual activity or login attempts by an unauthorized individual. In addition, doing so can help you detect cases of account sharing or any other suspicious activity. The organization may need Database Activity Monitoring (DAM) software, which monitors such activities automatically and independently. Additionally, auditing the database helps to identify accounts that are no longer in use, which could increase the risk of hacking.

Tight Management of the Database Access
It’s important to limit the number of people accessing the database in order to enhance monitoring. Besides, your administrators should only get the minimum privileges that are necessary for their jobs. In some instances, employees are caught colluding with external hackers to defraud an organization or steal crucial data. Therefore, it would be prudent for your business to consider acquiring access management software that provides temporary passwords to authorized users and more specific privileges when necessary. That way, any attempt to access the database with these credentials after they expire will fail, and you will be notified of the attempt.

Segmentation of Database
A large, singular database is at a higher risk of exposing private information because it involves so much data. That’s why it can be useful to segment the data by creating various roles within the database. This helps prevent all administrators from viewing all data whenever they like. Once you segment your database by role, your administrators can be given different privileges and access to different levels of database information.
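
One way to express the role segmentation and expiring credentials described in the two sections above, as an added example in PostgreSQL syntax that is not part of the original article. Every schema, table, column and role name and the expiry date are constructed for illustration, and the password is a placeholder.

```sql
-- Added example (PostgreSQL). All object and role names are constructed.
BEGIN;

-- Segment the data: one schema per business area instead of one flat database.
CREATE SCHEMA hr;
CREATE SCHEMA sales;

CREATE TABLE hr.employees (
    id        integer PRIMARY KEY,
    full_name text NOT NULL,
    email     text NOT NULL,
    salary    numeric(10,2) NOT NULL,
    ssn       text NOT NULL
);

CREATE TABLE sales.customers (
    id           integer PRIMARY KEY,
    company_name text NOT NULL,
    contact      text NOT NULL
);

-- Group roles carry the privileges; they cannot log in themselves.
CREATE ROLE hr_admin     NOLOGIN;  -- full access to HR data only
CREATE ROLE hr_directory NOLOGIN;  -- read-only, non-sensitive HR columns
CREATE ROLE sales_admin  NOLOGIN;  -- full access to sales data only

GRANT USAGE ON SCHEMA hr    TO hr_admin, hr_directory;
GRANT USAGE ON SCHEMA sales TO sales_admin;

GRANT SELECT, INSERT, UPDATE, DELETE ON hr.employees    TO hr_admin;
GRANT SELECT, INSERT, UPDATE, DELETE ON sales.customers TO sales_admin;

-- Column-level grant: the directory role never sees salary or ssn.
GRANT SELECT (id, full_name, email) ON hr.employees TO hr_directory;

-- A personal login with a temporary credential. VALID UNTIL expires the
-- password only, so it protects password logins, not other auth methods.
CREATE ROLE contractor_jane LOGIN
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET'
    VALID UNTIL '2030-01-31 00:00:00+00'
    CONNECTION LIMIT 2
    IN ROLE hr_directory;

COMMIT;

-- Verify the segmentation: check what each role can actually read.
SELECT has_column_privilege('hr_directory', 'hr.employees', 'email',  'SELECT') AS can_read_email,
       has_column_privilege('hr_directory', 'hr.employees', 'salary', 'SELECT') AS can_read_salary,
       has_table_privilege('sales_admin',  'hr.employees', 'SELECT')            AS sales_sees_hr;

-- Audit: login roles whose password has already expired and that are
-- candidates for removal.
SELECT rolname, rolvaliduntil
FROM pg_roles
WHERE rolcanlogin
  AND rolvaliduntil IS NOT NULL
  AND rolvaliduntil < now()
ORDER BY rolvaliduntil;
```

Failed authentication attempts, including those made with an expired password, are recorded in the PostgreSQL server log, which is where a monitoring tool would pick them up.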

The security of a database is undeniably important for businesses like yours. Be sure to follow strict cybersecurity practices in order to keep your database secure from malicious hackers and careless employees.

Hey Brother, Can You Spare $2.7 Million?

Don’t Be Like The City Of Atlanta That Paid Millions After A Ransomware Attack

In March 2018, Atlanta’s city government was hit with a ransomware attack that paralyzed them. They couldn’t process payments, provide information or other citizen services because their IT system was locked down. The note attached to the SamSam ransomware demanded $51,000 in bitcoin to restore their systems. However, the City of Atlanta spent much more than this trying to recover their data; a whopping $2.7 million! Plus, some services still aren’t up and running.

We’re not sure if they paid the ransom, but it doesn’t look like it went through if they tried. The hackers took down their communications portal, which they would have needed to pay the ransom. Agencies like the FBI tell us not to pay ransoms because it only encourages these criminals to continue hacking us. Plus, paying doesn’t necessarily mean that the thieves will provide the decryption keys to unlock your data.

It would have been so much cheaper to have protected their network beforehand. The City of Atlanta paid $600,000 in emergency data recovery costs after the incident. They could have set up a more secure system throughout all their departments for 10 percent of this. If I were a taxpayer in Atlanta, I’d be pretty angry about this, wouldn’t you?

Unless your organization has $2.7 Million to spare, it’s time to up your IT security.

Government entities are advised to follow the standards mandated by the Federal Information Processing Standards (FIPS) through the Federal Information Security Management Act (FISMA).

FIPS are a set of standards for document processing, encryption algorithms and other information technology standards for use by non-military government agencies, government contractors and vendors who work with them.

The US government’s National Institute of Standards and Technology (NIST) disseminates these standards via their Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, recently published on April 16, 2018.

Had The City of Atlanta followed these standards, they may not have been hacked.

The voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. It’s broken down into five segments:

Identify, Protect, Detect, Respond and Recover

1. Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

2. Protect: Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

3. Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

4. Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.

5. Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity incident. Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.

The NIST Framework is a good reference for guidance. {company} can do the rest. The days of using only in-house techs are gone. Your organization requires the up-to-date expertise of IT experts who can keep your data secure.

What Else Can You Do?

6 Steps To Take To Protect Your Organization

Step 1: Ignore Ransomware Threat Popups and Don’t Fall for Phishing Attacks

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, don’t do what they ask. If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Beware of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or PDF file.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Step 2: Always Use Secure Passwords

  • Never use words found in the dictionary or your family names.
  • Never reuse passwords across your various accounts.
  • Never write down your passwords.
  • Consider using a Password Manager (e.g., LastPass or 1Password)
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes 5 hours to crack a 6-character password.
    • Three days for a 7-character one.
    • Four months for eight characters.
    • 26 years for nine characters.
    • Centuries for 10+ characters.
  • Turn on Two-Factor Authentication if it’s available.

Step 3: Keep Your Passwords Secure

  • Don’t write down passwords.
  • Don’t email them.
  • Don’t include a password in a non-encrypted stored document.
  • Don’t tell anyone your password.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature offered on programs like Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an Internet account that doesn’t have a secure login, that is, one where the web browser address starts with “http://” instead of “https://”. If the web address begins with “https://”, then your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.

If you believe your password may have been breached, you can always change it.

Step 4: Back Up Your Data Onsite/Remotely and Securely

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you get attacked, it’s gone forever.

Step 5: Secure Open Wi-Fi with a VPN

  • Don’t go to sites that require your personal information like your username or password.
  • Use a VPN whenever possible.
  • Limit your access to using sites that start with “https://”
  • Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.

Step 6: Hire a Reputable IT Company to Conduct Testing and Training

  • Conduct a social engineering test.
  • Share the results with your staff.
  • Debrief and train your users.
  • Test again each year!

Don’t run the risk of getting hit with SamSam or any other form of ransomware. Follow the FIPS and NIST Framework and ask the experts at {company} to help.

Is Your Business Compliant with The New DFARS/NIST Requirements?

What DoD Contractors Need to Know About Controlled Unclassified Information (CUI) & Using a Technology Solutions Provider to Ensure Compliance with the DFARS and NIST.

Today, more than ever, the Department of Defense (DoD) relies on external contractors and suppliers to carry out a wide range of missions. Sensitive data is shared with these companies and must be protected. Inadequate safeguards for this sensitive data may threaten America’s National Security and put our military members at risk.

In response to this threat, the DoD has implemented a basic set of cybersecurity controls through DoD policies and the Defense Federal Acquisition Regulation Supplement (DFARS). The DFARS rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit Controlled Unclassified Information (CUI). These security controls must be implemented at both the contractor and subcontractor levels based on information security guidelines developed by the National Institute of Standards and Technology (NIST) Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations.”

As a U.S. DoD contractor who collects, stores, or transmits Covered Defense Information (CDI) or Controlled Unclassified Information (CUI) you must comply with NIST (The National Institute of Standards and Technology) regulations 800-171 and DFARS (Defense Federal Acquisition Regulation Supplement) 252.204-7012. Your subcontractors must comply as well and be able to maintain compliance. If you don’t, you can’t bid on DoD contracts, and you may lose the ones you have.

The Department of Defense enforces a specifically defined set of cybersecurity controls through the DFARS. The DFARS rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit Controlled Unclassified Information (CUI). These security controls must be implemented by both you, the contractor, and your subcontractors according to levels based on information security guidance developed by the National Institute of Standards and Technology (NIST).

Finding everything you need to know about DFARS regulations and NIST cybersecurity guidance to ensure that your technology is compliant can be a daunting task. Using the services from a Technology Solutions Provider who has expertise in DFARS and NIST requirements is essential if you want to attain compliance and remain compliant.

Complying with DFARS and NIST requirements isn’t easy. You and your subcontractors must meet DFARS cybersecurity standards and NIST Guidelines, or you can’t apply for DoD contracts. To do this requires a complete scoping and readiness assessment to measure your compliance. You must then remediate any identified gaps in security.

Doing this requires the support of a Technology Solutions Provider who specializes in providing compliance solutions. The right IT Provider will help you understand the risks of storing Controlled Unclassified Information in your IT system, and what you must do to comply. Your Provider should also be adept at conducting gap analyses, vulnerability scans, and penetration testing to ensure your IT security.

Your Requirements as a DoD Contractor

Cyber attacks have reached epidemic proportions in the U.S. Even government agencies are at risk of breaches. This poses a real risk to National Security. It’s imperative that you, your personnel and your subcontractors safeguard classified information and Controlled Unclassified Information. The security of the U.S. Government depends upon the measures you take as a contractor, as well as those in your supply chain. Unfortunately, many businesses don’t have the right cybersecurity controls in place, like firewalls, anti-virus and anti-malware, and identity-authentication processes. They also lack detection and response controls for IT exploits.

Until now, strict security processes, controls, and standards that applied to federal information systems weren’t required for CUI. The DFARS 252.204-7012 and NIST SP 800-171 regulations were developed to cover unclassified federal information for nonfederal organizations. You must implement the security controls outlined in the NIST SP 800-171 to be compliant with DFARS.

The U.S. Government provided a disciplined and structured process for contractors to follow. If you want to comply and be accepted for DoD projects, you must leverage the following IT solutions.

  • Security Information and Event Management
  • Intrusion Prevention System
  • Vulnerability and Threat Management
  • Database Security Controls
  • Log Management
  • File Integrity Checking
  • A Tested Incident Response Plan

The Right Technology Solutions Provider Will:

  • Identify Information Security Gaps in your system design, architecture policies, and planning exercises.
  • Utilize Advanced Security Engineering for remediation and enhancements so there are no interruptions in IT service.
  • Deploy Cyber Operations Support with proven methods to maximize your operational security.
  • Conduct Continuous Risk Management with a proactive rather than reactive approach.
  • Use Advanced Cyber Security Testing to identify vulnerabilities in your IT assets that are at risk for cyber attacks.

What Specifically is Covered by the DFARS/NIST Regulations?

The DFARS 252.204-7012 | NIST SP 800-171 requirement for CUI includes any information related to a DoD performance contract, as well as anything that supports the contract. This is a very broad requirement and could have a dramatic impact on the number of systems that must be covered.

These systems are broken down into four categories:

  1. Controlled Technical Information: Any and all technical information as defined by DoD, including those with space or military applications.
  2. Operations Security Information: Any intentions, capabilities or activities that an attacker could use to guarantee failure or unacceptable consequences.
  3. Export-Controlled Information, like biochemical or nuclear data.
  4. Any additional information specified in the contract.

The new rule also applies to your subcontractors. They must meet the same applicability definitions described above.

As a DoD Contractor, you must know what CUI you store, process, or transmit in the course of performing your duties. You and your subcontractors must be prepared to apply NIST SP 800-171 security controls to your information systems. You must create and sustain an environment for the proper storing, processing, or transmitting of CUI. This includes ensuring your employees or any individuals involved in the contract practice security and privacy when it comes to information systems.

As you can see, this broad scope of requirements demands the expertise of a Technology Solutions Provider who can develop, deploy and enhance a secure and compliant environment for your CUI processing needs. You need one who can engage with stakeholders to identify the key security objectives and critical requirements to develop a prioritized IT roadmap, information security architecture, security controls and operations that comply with the DFARS 252.204-7012 and NIST SP 800-171 Guidelines.

Minimum cybersecurity standards are described in NIST Special Publication 800-171 and broken down into fourteen areas:

  1. Access Control: You must limit system access to authorized users.
  2. Awareness & Training: You are required to promote awareness of the security risks associated with users’ activities, train them on applicable policies, standards and procedures, and ensure they are trained to carry out their duties.
  3. Audit & Accountability: You must create, protect, retain and review all system logs.
  4. Configuration Management: You are required to create baseline configurations and utilize change management processes.
  5. Identification & Authentication: You must authenticate information systems, users, and devices.
  6. Incident Response: You’re required to develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.
  7. Maintenance: You must perform timely maintenance on your information systems.
  8. Media Protection: You must protect, sanitize and destroy media containing CUI.
  9. Personnel Security: You’re required to screen individuals before authorizing their access to information systems, and ensure these systems remain secure upon the termination or transfer of individuals.
  10. Physical Protection: You must limit physical access to and protect and monitor your physical facility and support infrastructure that houses your information systems.
  11. Risk Assessment: You are required to assess the operational risk associated with processing, storage, and transmission of CUI.
  12. Security Assessment: You must periodically assess, monitor and correct deficiencies and reduce or eliminate vulnerabilities in your organizational information systems.
  13. System & Communications Protections: You must monitor, control and protect data at the boundaries of your system, employ architectural designs, software development techniques and system engineering principles that promote effective information security.
  14. Protection System & Information Integrity: You’re required to identify, report and correct information and any flaws in your information in a timely manner. You must also protect your information systems from malicious code at appropriate locations, and monitor information security alerts and advisories so you can take appropriate actions.

Plus, there are specific security requirements comprising 110 individual controls that you and your subcontractors must implement in each of these areas.

Large enterprises probably have these security systems in place. Smaller businesses probably don’t, and this is a big undertaking. With the right experience in CUI requirements, your TSP can help by handling these responsibilities for you. They can:

  • Periodically assess the security controls in your company’s systems to determine if the controls are effective in their application.
  • Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in systems.
  • Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
  • Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

As a DoD contractor, you and your authorized employees must fully understand what Covered Defense Information you store, process, or transmit in the course of doing business with the Department of Defense. You must also be ready to provide adequate security using controls outlined in the NIST SP 800-171, Security and Privacy Controls for Non-Federal Information Systems.

Your Technology Solutions Provider must be adept at integrating methodologies for incorporating security and privacy into business solutions. They should leverage the following services:

  • Compliance Services that include security awareness training, information technology security training, computer-based training classes, IT oversight, system registration and categorization, and continuous monitoring planning.
  • Risk Management Services via successful risk management programs and concise, actionable risk assessments.
  • A 24/7 Virtual Network and Security Operations Center (VNSOC) with a team of highly trained, certified and experienced network and security analysts that monitor your network and systems around the clock with log management.
  • Security Assessments that utilize the latest trends in data protection, technology advancements, and legislative changes, and that test the security posture of your information systems.
  • Security Controls that determine how to implement NIST SP 800-171 R1 security requirements.
  • Identity, Credential & Access Management (ICAM) to simplify the identification, credentialing and assessment of your IT infrastructures to ensure privacy, security, compliance, and efficiencies.
  • Cyber Incident Reporting to plan, develop and execute testing of a cyber-incident plan.
  • Response and Recovery Service if a cyber event is confirmed. Your TSP should support and advise you during the Incident Response lifecycle. Your TSP should immediately preserve and protect all evidence and capture as much information about the incident as possible. They should review your networks to identify compromised computers, services, data, and user accounts and identify specific covered defense information that may have been lost or compromised. You must always be helpful and transparent with the DoD and cooperate with them to respond to any security incidents.

Meeting the SP 800-171 is not a one-time fix; rather, it’s a continuous assessment, monitoring and improvement process. Your TSP should periodically assess the security controls in your company’s systems to determine if the controls are effective in their application. They should develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in systems. They must monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls that are in place. And, they should develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with connections to other systems.

If the Department of Defense determines that other measures are required to provide adequate protections and security, you and your subcontractors may also be required to implement additional precautions. It’s essential that you stay up to date on these requirements if you want to keep your standing with the DoD or to bid on future contracts. Again, your Technology Solutions Provider is your best friend where this is concerned.

 

7 Ways to Reduce Your Paper Usage

In spite of the move toward living digitally, Americans still use over 90 million tons of paper each year. Everyone nowadays seems to be reading everything online, and yet more than 2 billion books are printed each year. In addition, over 24 billion newspapers are printed annually, along with 350 million magazines. Only about half the available waste paper is recycled each year, leaving the other half to end up in local dumps and waterways.

Of course, much of this wasted paper originates from commercial enterprises, such as offices, publishers, schools, colleges, and manufacturing. The average consumer has cut way back on their personal paper usage.

Saving Trees

You may have learned this stuff in grade school but forgotten it. Trees make oxygen, the air we breathe. They filter out harmful pollutants. They also produce foods like maple syrup, walnuts, pecans, and almost all fruits. A tree has its own self-replicating technology: it drops seeds each year so that new trees can be born. Many birds and small animals call a tree their home.

When we slash and burn a rainforest, we do irreparable harm to our planet. Rainforests are precious and delicate eco-systems that are simply remarkable on every level. There’s no way for humans to cheaply create, build or invent the machine that does what one common oak tree does. These are just a few of the reasons why it’s so important to save every tree possible. By taking strong actions now, we can ensure that our grandchildren will be able to walk through a lovely forest of aspens or look out on a field of evergreen trees and smell that unmistakable essence of evergreen.

Saving Other Resources

Each time someone prints something, there is other waste involved. You can’t print out a letter without using ink. You also need electricity. In the end, there are numerous direct and indirect costs associated with printing anything. And there are always harmful effects to the environment, such as the pollution caused by a single paper mill. When you add it all up, the cost to print a book includes damage to the eco-system, waste of natural resources, and it adds to the landfills. Instead, let’s all look for ways to reduce our paper usage so we can save as many trees as possible. We begin with these seven timely suggestions.

One: Recycle Phone Books

In this day and age, very few people use a phone book, yet most cities still print them. They are rarely recycled, but it’s possible to save approximately 30 trees simply by recycling 500 phone books of average size. Each year, when the new phone books arrive, be sure to throw the old ones in your recycling bin. These items can be recycled just like any other paper product. There’s nothing hard or complicated about the process. Most of us simply forget.

Two: Opt Out of Junk Mail

Many of us can fill a trash can with the junk mail we get in just one week. It’s time-consuming to open all those letters, plus it’s wasteful. Simply opt out. You can stop receiving certain emails, but many people are not aware that you can also do this with printed junk mail. It’s dangerous in this day and time to allow companies to send you pre-approved credit card applications through the mail. These can be stolen and used by thieves to obtain credit cards in your name.

The consumer reporting companies maintain a website and a toll-free number that consumers can call to opt out of receiving these offers. Simply by calling the toll-free number, you can opt out for five years. If you’d like to stop receiving junk mail permanently, then you must go to the website. The process is a bit more complicated but still worth it.

Three: Go Paperless

Many people have already done this, but it’s simple to go paperless at your bank and all creditors. Since it’s much cheaper for businesses to send your statements and bills by email, most companies make it very simple to choose “go paperless”. Go to their website and look for information about this on the homepage. Usually, you need to log into your account and then set up the paperless option there. It’s normally just a matter of a few clicks and you’re all done.

Four: Stop Printing So Much

The average consumer has a much better handle on this concept than the average business. Most homeowners barely use their printer these days. At the office, it’s a totally different story. The average office still prints out reports, surveys, journals, meeting notes and many other items. When you do need to print something out, you can easily adjust margins to .75 inch and thereby get more writing on each page. This reduces the number of pages on every document.

Five: Sign Up for Online Magazines

Who among us has a dusty pile of old magazines somewhere in our home? This is quite a common problem. You can eliminate this problem by signing up for online magazines. When you think about it, online publications make more sense. Once a document is digitized, you can quickly search through it for information. We’ve all read something interesting that we wanted to go back and look at again, but just can’t find the correct book or magazine. It’s easy to search through digital documents of any length using a single keyword and find exactly what you’re looking for. If you’re one of those people who hate to throw away old magazines, this is the perfect solution. Just choose digital publications from now on.

Six: Use Electronic Storage

Occasionally, we all get receipts, instructions, forms, and other important documents that we need to save. It’s very easy now to snap a photo of these types of items and then store them on your hard drive. You can create files specifically for warranties, receipts, or whatever it is. There are a number of handy apps now available that can make this even more convenient to use. Once you get these copies on your computer or phone, they can be saved by the date or type of item. This is much better than having a shoebox full of old receipts lying around gathering dust.

Seven: Buy Recycled Stuff

Recycled items are good for the environment. Because of the lower costs involved, you can now purchase countless recycled items that you use every day. These products include paper plates, envelopes, greeting cards, books, notebooks, household paper products and others.

The average person simply doesn’t think to look for this on the packaging. These recycled items are for sale on the shelf, right alongside products of the same type. It’s just a matter of looking for the phrase, “Made from Recycled Materials”.

Tips for Success

Sometimes we all receive important papers and worry that we’ll lose or misplace them. This happens with printed documents as well as digital items. To keep track of your important papers at home or at the office, purchase a small filing cabinet. For each topic or item, create a single file folder. You can include the date and any other important information like PIN numbers or due dates.

Saving digital documents is simple too. If you have a word processing program like Microsoft Word, be sure to save these items to your hard drive. If you already have too much on your hard drive, programs like Google Docs allow you to store everything in the cloud. A number of companies have created apps and software for saving important documents. It’s just a matter of finding the program that works best for you.

Of course, it goes without saying that we should all back up our phones and computers on a regular basis. It can be helpful to have a few blank thumb drives lying around for this purpose. Blank DVDs are cheap and you can store from 4.7 GB to 9.4 GB. These disks can last for years but be sure to stick them in a paper sleeve so they aren’t accidentally scratched. No paper sleeves available? Plastic lunch bags work perfectly.

Electronic document collaboration is superior to paper document collaboration. Here at Vision of Earth, we use Google Docs for all of our writing. It is a simple system that allows us to cooperatively edit documents, as well as track the changes made by each person. For more information on how we collaborate, see our post on software tools that we use to collaborate across the world.

It is possible to do effective editing and collaboration even using standard word processors. For instance, you can learn to use “track changes” in Microsoft Word, or Edit->Changes in OpenOffice Writer. This lets you put editing marks in documents, and also view the editing changes that have been made by other people.

Use email (electronic mail) rather than paper mail when you can. Most businesses and even governments are in the process of transferring over to electronically available services. This will drastically reduce the costs of postal service as well.

Use a USB stick, also known as a ‘thumb drive’, to move around or share electronic documents rather than printing them. Encourage people coming to meetings to bring their reports in electronic format, and for attendees to bring electronic storage of their own (or share via an Internet-based document storage). Many companies are utilizing an ‘intranet’ now, allowing them to securely distribute documents to company employees only.

Use electronic fax services. There are a number of them available, some of which, such as FaxZero, are even free for one-page faxes. The quality can sometimes be a bit low with the free services, so it is recommended that you phone the fax receiver to make sure that they can read the sent document.

Don’t place paper contacts on business cards (such as a postal mailing address). Only put email, and phone. This forces people to contact you through these electronic mediums.

Home

Use cloth napkins.

Use rags instead of paper towels.

Try to not use paper plates. Use durable washable ones if you need something for a BBQ. In terms of environmental impact, the trend usually goes like this: Reusable plates are better than paper plates which are better than plastic plates.

Use a handkerchief instead of Kleenex.

Use a whiteboard for lists/notes/announcements.

Buy bulk foods using your own reusable containers rather than buying supermarket boxed

How Much Paper Does Your Office Use Each Year? Tips For Reducing Paper Use

Are you an average worker? If so, statisticians say you use around 10,000 sheets of paper every year.

If that sounds like a lot, that’s because it is. The bottom line is that the average American worker uses way too much paper. To put it in perspective, here are some facts to consider:

4 billion trees are cut down each year to make paper

16% of landfill solid waste is comprised of paper

In one year, the average American citizen will consume 800 million pounds of paper

If you’re having a hard time visualizing how much paper that really is, imagine 5.5 million printed copies of the Hunger Games Trilogy. In terms of trees, you would have to cut down every tree in New York City’s Central Park, or enough trees to build a city with 25,000 houses.

No Office Is Alike

The real issue is how that paper is being used or, in this case, not used. According to a recent survey, 70% of the total waste in offices is made up of paper and as much as 30% of print jobs are never even picked up from the printer. Even worse, 45% of printed paper ends up in the trash by the end of the day. When you consider that the total amount spent annually by U.S. companies on printed documents is $120 million, it’s clear that there is a lot of pointless printing in modern offices (and a lot of wasted money).

Of course, no one is an average worker and there is no such thing as an average office.

I recently visited a small startup that operated out of two different offices. In one office, the company’s engineering team does the coding and support for a Cloud-based software system. These workers are coding all day and hardly ever speak to one another — that’s done on chat — and they almost never print anything. The lead programmer could barely understand why he needed a printer at all and was satisfied with an inexpensive multifunction machine.

Meanwhile, in the same company’s main office, marketing, sales and support staff had multiple printers running all day to publish reports, marketing materials, and more, and stacks of unread documents ended up being piled in bins next to the machines. These are two very different offices within the same company with very different needs: one office barely needed a printer while the other was in desperate need of a Managed Print solution.

It might surprise you to know that even though we sell and service printers, we want you to print less.

Reducing paper usage isn’t just good for business; it’s good for the planet. Take a look around the office. What do you see?

Reams of wasted paper in the recycling bin?

No strategic supply management process?

Underutilized or inefficient printers?

Color copies that should be printed in black and white?

If that sounds familiar, then you need to manage your printers more effectively. We recommend a three-step approach to designing a print strategy that eliminates wasteful printing and matches your business needs.

Evaluate your device use, output, supplies, and viability to align them with a purchasing process

Integrate best-of-class software and printer hardware into your current system

Continuously assess your consumption based on actual usage — because it will always be in flux

Managed Print is ideal for controlling costs and can help ensure that your machines are helping you better serve your clients. To see how such a print partnership can benefit your company, download the Major Signs You Need Managed Print infographic below.

How much paper can be made from one tree?
It is impossible to specify exactly how much paper can be made from one tree, because the process is complicated and multiple factors affect production. However, an estimate is possible if we assume that the following paper products have been produced using 100 percent hardwood. A cord of wood is approximately 8 feet wide, 4 feet deep, and 4 feet high. A cord of air-dried, dense hardwood (oak, hickory, etc.) weighs roughly 2 tons, about 15-20 percent of which is water.

It has been estimated that one cord of this wood will yield one of these approximate quantities of products:

  • 1,000-2,000 pounds of paper (depending on the process)
  • 942 100-page, hard-cover books
  • 61,370 No. 10 business envelopes
  • 4,384,000 commemorative-sized postage stamps
  • 460,000 personal checks
  • 1,200 copies of National Geographic
  • 2,700 copies of an average daily newspaper

Notable features of Windows 10

Over the years there have been many versions of Windows such as Windows 8, Windows Vista, and Windows XP. Windows 10, the latest update from Microsoft, has many unique features that distinguish it from its predecessors. While the previous versions ran mainly on laptops and desktops, Windows 10 is designed to run on tablets equally as well. One of the best features of this update, which is also known as Spring Creators Update, is that it takes very little time to install – just under thirty minutes. While the previous updates used to take a lot of time, this new version is very time effective.

Notable Windows 10 Features

Windows 10 has many other distinctive features that are very useful for many small businesses.

Cortana on Desktop

Windows 10 brings voice-controlled digital assistance in the form of Cortana to computers. Now you can interact with or give commands to your computer without lifting a finger. You don’t need to type – just tell your computer if you want to launch a PowerPoint presentation, need a specific file, or want to look at specific photos. Your PC can do all this while you work on, say, an interdepartmental email.

Timeline

Timeline has replaced the Task Viewer icon beside the Windows taskbar. This new feature allows the user to view the activity history of their desktop. If you are looking for a file that you were working on last week, Timeline will help you find it quickly. Just click on the Task View button on the taskbar, and you will be able to see all your open files and applications. It is a convenient way to see what applications are running. Windows will display photos, folders, and documents according to the date that they were last used.

Privacy

Another security feature of Windows 10 is the new Windows Diagnostic Data Viewer. This feature allows you to view the amount of information that Microsoft can access from your computer. You can keep your data safe by fine-tuning privacy settings which concern application usage, browser history, web permissions, and connected devices.

The Start Menu is back!

In the previous update the Start Menu was eliminated, but in Windows 10 we can see its revival. The bottom left shows the Start Button, and when you click on it, two panels appear side by side with the left side showing the most used applications. The right side displays a list of live tiles that you can resize, reorganize, and customize. There is a power button at the top similar to Windows 8 for features such as Standby, Hibernate, and Shut down.

Nearby Sharing

Another simple feature that makes office work so much easier is Nearby Sharing, which you can enable from the Control Panel. Select the computer you want to send the file to and then click on the Share button in the Photos app or the Edge browser. The computer will receive a notification asking it to accept or decline the file. This ensures that file transfers can happen without unreliable network folders, beat-up USB devices, or empty email messages.

Snap Assist

In this update, the Snap View feature has also been updated, allowing users to open multiple windows side by side without being limited by their screen’s resolution. This feature also suggests different apps that you can open to fill the available space.

Swift Pair

This feature allows you to connect to a Bluetooth device within the desktop’s range. You will automatically receive notifications whenever there is a connection opportunity. With Windows 10 you can use wireless headphones to make a call or try out a wireless keyboard by just clicking connect.

Microsoft Edge

The new browser called Microsoft Edge has replaced the old Internet Explorer. This browser has many impressive features such as Cortana integration, which allows you to pull up contextual information without having to search through emails. It has an annotation tool which lets you write anything and share it with your friends on social networks without leaving the browser, and PDF support which makes reading easier by improving the layout of long articles.

Tablet Mode

Windows 10, unlike Windows 8, makes a clear differentiation between tablets and desktops. In Windows 8, if you happen to be using a mouse and keyboard, by default, you will be in desktop mode.

Action Center

The Action Center in Windows 10 has been expanded to allow easy access to frequently used settings such as tablet mode and Wi-Fi connectivity. It also shows all essential notifications as soon as your computer receives an update.

Windows 10 has many impressive features which were missing in the previous update. It is faster, provides invaluable security protection and makes multitasking much easier. Update your computer today to enjoy all the benefits of this new operating system.

Q & A: What is Intelligent Business Continuity?

Is a backup enough to support your business?

Absolutely not.

What causes data loss?

45% is due to human error

45% is due to server failures

50% is due to network outages

Can you risk time, security and peace of mind?

No. If your technology comes to a halt, so does your business.

Can you afford to wait for the slow wait times of traditional backups?

No. Time is money. Plus, traditional backups may not be secure.

Can you risk using an untested backup?

No. Because over 50% of tape backups fail.

Can you risk using only one backup location?

No. Your data will be in jeopardy.

Can you afford to wait hours, days or weeks to recover?

No. Your customers will leave and go to your competitors.

What Exactly is Intelligent Business Continuity?

Intelligent Business Continuity is more than a backup. It’s an image-based backup that’s saved as a VMDK (Virtual Machine Disk) that can be instantly virtualized.

Intelligent Business Continuity tests each backup and sends a screenshot to report success.

Intelligent Business Continuity is a Hybrid Cloud Solution that guarantees complete uptime. It utilizes end-to-end encryption protections for your data in transit and in the Cloud.

How does Intelligent Business Continuity with VMDK work?

It preserves the disk file system and system memory of your virtual machine and lets you revert to the snapshot in case of a disaster, deletion or other error that could otherwise erase your data.

Intelligent Business Continuity is thinking about your business on a higher level.

Top security officials advise that businesses like yours in Dallas/Fort Worth strengthen your IT defense structure with Intelligent Business Continuity. Your data will be preserved, protected and easily recoverable 24/7 no matter what.

For more information, contact the Business Continuity Experts at VersaTrust.

Datto Siris Data Protection Services from VersaTrust

Your business is at risk every day.

Simple daily backups are no longer enough to ensure your business can keep running in the event of IT equipment failure. Equipment fails due to:

  • Human Error
  • Fire
  • Flood
  • Cybersecurity Threats

If a disaster strikes, how will you ensure that your IT environment has enough flexibility, redundancy, and resilience to protect your data, while remaining simple to set up, use and recover?

You can with Datto Siris, the first fully featured, Total Data Protection platform in one integrated solution.

With Siris, you can choose from a family of physical, virtual and software appliances, as well as a variety of storage options to craft a unique data protection solution tailored to your business.

Siris supports a wide array of operating systems, including Windows, Mac, and Linux.

It protects and restores both physical machines and virtual environments. You have the option to restore no matter where your business data lives.

Your backups are scheduled every 5 minutes.

They’re tested, stored locally and replicated to the secure Datto Cloud.

And, this isn’t just any cloud. It’s stored within Datto’s Globally Distributed Data Centers.

With Datto Infinite Cloud Retention, you can store your data for as long as your business requires.

You can’t risk losing any piece of data to corruption.

Outdated data backup methods force you to restore an entire system from a single restore point. This results in data loss for any files created after the restore.

Siris uses Inverse Chain Technology and ZFS Snapshots to make each file interdependent. Each snapshot saves the changes between each data point, ensuring that any individual piece of data can be recovered from any previous backup without losing the most recent data.

When disaster strikes your business, there’s no time to waste waiting on outdated technology to restore backups, even ones that are only 15 minutes old.

With instant virtualization, your business can restore within seconds from your local device or by using Datto’s powerful cloud.

While a complete image of your system runs through a virtual machine, regular backups continue.

And, if you lose the entire source machine, Siris also provides the option for Bare Metal Restore, into new hardware or a virtual destination.

Detect ransomware threats before they happen.

Siris monitors and targets specific patterns of ransomware within a single backup.

Plus, it notifies you and helps you get back to business without paying a ransom.

Imagine the power to back up, restore and secure your business data integrated into one solution.

And supported by a world-class, 24/7/365 tech support group.

With Datto Siris, your business can run anywhere, protect anything and restore any time.

Find out more by contacting the Datto Experts at VersaTrust.

Canada’s Public Emergency Alert System Test Scheduled For May 7th, 2018

On May 7th, all smartphones on an LTE network will receive a test notification for the new Public Emergency Alert System.

Canadian Emergency Broadcast

Don’t let it catch you off guard – coming up on May 7th, 2018, if you live in Ontario or Quebec, your smartphone will receive a test alert for Canada’s Public Emergency Alert System. The same test will run in the rest of the country on May 9th.

Be aware that this first notification will simply be a test by all major broadcast and telecom companies that offer LTE service. In some cases, you may be required to acknowledge receipt of the alert. Depending on your service provider, the alert may also make a notification sound that circumvents the settings on your phone (i.e., even if you have your phone set to silent, in some cases it may still notify with a noise).

These notifications will be sent out as a part of the Alert Ready Emergency Alert System. According to their website, Alert Ready is “designed to deliver critical and potentially life-saving alerts to Canadians through television and radio. The Alert Ready system is developed in partnership with federal, provincial, and territorial emergency management officials, Environment and Climate Change Canada, The Weather Network, and the broadcasting industry and wireless service providers, to ensure you receive alerts immediately and know when to take action to keep yourself and your family safe”.

Once tested and verified, these types of alerts will be sent to Canadians to inform them about a range of types of emergencies and imminent threats, including:

  • Natural Disasters
    • Tornado: a vortex of violently rotating winds, often forming a funnel-shaped cloud that is capable of damaging property and injuring people.
    • Flash Flood: Usually caused by river ice jams and excessive unpredicted rainfall, a flash flood is a sudden onset of water causing immediate flooding of the local area. The danger is in the little to no warning to local residential areas.
    • Earthquake: A sudden release of violent seismic waves due to energy generated by the movement of plates in the Earth’s crust, which can cause extensive damage in urban environments.
    • Hurricane: A violent storm made up of intense winds and heavy rain that can lead to storm surge, floods, coastal erosion, and landslides.
  • Fires
    • Urban Fire: Any urban fire that presents a threat to multiple residential and/or commercial properties.
    • Industrial Fire: A large fire in an industrial building or complex that poses a threat to human health.
    • Wildfire: A large natural fire involving combustibles such as grass, brush, and trees.
    • Forest Fire: As opposed to a wildfire, a forest fire burns in a forested area, grass or alpine/tundra vegetation and poses a threat to human safety.
  • Biological
    • Biological: A potentially dangerous or poisonous substance that is both unstable and easily transferred between living organisms.
    • Chemical: The misuse or release (unintentional or otherwise) of a chemical substance that could result in serious injury or death.
    • Radiological: A radiological (radioactive) substance with sufficient concentration to do serious or lethal harm to exposed populations.
    • Drinking Water Contamination: In the event that drinking water is negatively affected and as such, a boil-water advisory is raised, cautioning use by the public.
  • Hazardous
    • Explosive: A potentially dangerous substance or device that may explode within an affecting radius of an urban environment or concentrated population.
  • Terrorist
    • Terrorist Threat: The use of violence or threat of violence by individuals or groups against civilians or infrastructure.
  • Environmental
    • Air Quality: Caused by an elevated particulate count in the atmosphere that could negatively affect visibility or the health of individuals.
    • Falling Objects: Natural or human-made materials at risk of falling, which may threaten people or property.
  • Civil
    • Civil Emergency: Occurring when humans cause a disruption of services or require varying levels of support, law enforcement, or attention.
    • Animal Danger: Occurring when a wild or domesticated animal poses a threat to human life or property.
    • Amber Alert: Issued when a child has been abducted and police services believe that the child’s life is in grave danger. This type of alert gives the public immediate and up-to-date information about the abduction in order to gain their assistance in ensuring a fast and safe return of the child.
    • 911 Service: This type of alert occurs when there is a disruption or outage of telecommunication services between public and emergency responders.

Check out the Alert Ready website to hear an example of the specific alert tone that will play through television, radio, and wireless broadcasts to notify Canadians of an impending emergency.

Be sure to take note of how the test occurs – it is the public’s responsibility to ensure that they understand what the alert is informing them of, to consider it carefully, and to respond appropriately and as directed.

For more information about Alert Ready, check out their website.

Is The U.S. Government Planning A Special Tax On Paper Waste?

Do you use 800 million pounds of paper each year? That’s the latest estimate for the average professional – and nearly 20% ends up in landfills. Would your habits change if you were taxed on paper consumption?

Paper Waste

The use of paper to record thoughts, plans, transactions, agreements, or anything at all, is nothing new. Ancient Egyptians invented the earliest known type of “paper”, named papyrus after the plant from which the material was created. The more modern forms of paper are likely created from a process similar to that invented by the Chinese, who remain the leading paper manufacturers today.

The ability to document everything from knowledge and information to financial transactions and taxes laid the foundation of the technological era – though not quite as we see it today. For the first time in history, accountability no longer relied on memory or the spoken word; this was the origin of the “paper trail” concept.

One of the earliest modern ways we’ve found to scale back paper use is the predecessor to the smartphone, the personal digital assistant (PDA), like the Palm Pilot. Migrating from paper planners to a handheld organizer enabled professionals to have easy calendar access, along with a variety of other resources like the Internet and telephone.

  • Would it surprise you to know that the first person to coin the phrase “PDA” was a former Apple CEO, John Sculley?

The intended purpose of technology is to improve our lives and simplify our tasks. For example, email was designed, in part, to expedite communication in a cost-efficient manner. Written communication that previously took more than a week to deliver via U.S. mail with the added cost of a postage stamp and envelope – also relying on the correct mailing address of the recipient – was now nearly free and instantaneous. The fax machine was intended to serve this same purpose of timely delivery, but still involved paper waste. In fact, fax machines created a unique problem: the sender had to have a print copy to scan and fax, and the recipient thus received a paper copy of the message. In the case of email, technology should decrease the use of paper, and successfully has.

The average professional has indeed cut back on paper use. Statistics vary, but no matter how you look at it, we consume far too much paper for the amount of technology we have at our disposal. Notice the word “consume”? The sad reality is that not all consumed paper is used. Have you ever visited a print station only to have to dig through sheets to find the printed document(s) you’re looking for? How many times do you see the same sheets that never get picked up?

  • Every year, organizations look to trim costs from their budget in unique ways, but rarely are paper costs fully considered. It’s estimated that U.S. companies spend $120 million annually on printed documents – a number that can, and should, easily be reduced.

Companies like Microsoft are trying to facilitate less paper consumption, and therefore, less waste. From online storage with Microsoft OneDrive or SharePoint, where users can store, share, and access files from anywhere without needing to produce paper copies, to collaborative software solutions like Microsoft Teams or Microsoft Project which help groups jointly communicate in real time, modern solutions are geared toward less paper consumption.

One industry where paper consumption has significantly decreased in recent years is the medical field. Patient charts used to be entirely paper, including test results, office visit notes, and full patient history. For large medical practices, this involves a lot of expensive real estate for a physical item that isn’t often used. The movement toward electronic health records is more efficient in every way: cost savings for less paper and less space taken, easy to share and access from anywhere, and less chance of a test result or document getting lost or damaged.

Banking is another industry to vie for the record of worst offender in terms of paper consumption. Between lending for auto purchases or mortgages and account statements, banks recognize the high-consumption of paper and have (slowly) been moving toward online signatures, email statements, and digital records.

Even major metropolitan areas are jumping on the “green” bandwagon. Bike lanes are being rolled out in cities across the country. Mass transit light rail systems are being installed and adopted for easy navigation and decreasing carbon footprints and toxic emissions. On the smaller scale, but no less important, it’s becoming more common for consumers to be emailed a receipt at a point of purchase, rather than have a paper receipt printed at the time of transaction. Most cities have designated locations to return printer ink cartridges for recycling to help cut down on waste.

  • Commonly purchased with large print workstations are service agreements to maintain the printer. Rather than a set cost, these agreements are based on use and consumption, with fees for black-and-white documents ranging from 5¢ to 12¢ on average, and color documents ranging from triple to more than five times the cost of black-and-white fees. By comparison, cloud storage costs are far more economical!

So, what can you do to help cut down on paper waste, thereby cutting costs for your company?

  • Evaluate who uses a printer at your organization and for what purposes.
  • Determine if your printer(s) are the most efficient available, and if they are maintained for efficiency.
  • Monitor overall usage, and then assess how usage can be decreased.

There are so many ways technology can help decrease print usage and costs, and here are a few to get started:

  • Cloud storage
    • This cannot be stated enough. Moving file storage to the cloud is a big leap, but can save you time and money.
    • No more file cabinets taking up real estate.
    • Documents are easier to find, access, and share from anywhere.
  • Reusable notebooks
    • Do you or your team still prefer to take handwritten notes? Using a smart notebook like the Rocketbook Wave propels your note-taking into the next century. Once captured, notes can be shared to the cloud using your smartphone. Once the notebook is full, a quick run in the microwave and it’s empty to use again!
  • Collaborative platforms
    • We mentioned Microsoft Teams already, but there are countless options available. From Slack to Basecamp, most offer users a similar feature base intended to encourage digital collaboration and eliminate paper waste.

It’s not unheard of to offer incentives to decrease waste, but the greatest incentive is decreasing costs for the organization resulting in increased revenue – and hopefully increased salaries! Decreased paper waste shouldn’t have to rely on staff incentives – and hopefully, it won’t come to taxation, but you never know…so let’s get ahead of the game and help ourselves while helping the planet. Saving two kinds of green – money and Mother Earth – with one effort!

Is Your Company Compliant with California’s “Shine the Light” Law?

Recently, several big class-action lawsuits have been filed in California over whether adequate notices are being given to consumers when their personal information is sold. With the major controversy surrounding Facebook and the use of its users’ personal information during the 2016 presidential campaign, the public has become more aware and informed about this topic.

A recent Newsweek article reports that data brokers typically try to stay below the radar so as not to draw attention to what they do for a living. This may be partly responsible for the fact that over half of all Canadians and Americans say that they do not know exactly what happens when they give their name, address, phone number and email address to a website or company.

Recent lawsuits use California’s Shine the Light Law (S.B. 27) to object to how these marketing companies use all our data. The lawsuits allege:

“The company failed to properly identify a method for obtaining a disclosure as to how the company shares its customer’s personal information.”

With the publicity surrounding these lawsuits, other consumers are taking notice and filing their own suits, many of them class-action suits. Before deciding whether to file or not, it’s important to know exactly what S.B. 27 is and how it works.

Overview of S.B. 27

According to S.B. 27, certain companies must disclose how they share their customers’ information each time a customer asks for it. Each time a company receives a request from a customer wanting to know how the company has shared their information with marketers, it must provide the information. This only covers the previous twelve months. In addition, S.B. 27 only allows consumers to make these requests in cases where the customer was not given access to the company’s privacy policies containing opt-out notices.

In order to be compliant with S.B. 27, a company must create a privacy policy that includes opt-out rights, and provide that to its customers in an acceptable manner. It’s important for the consumer to fully understand the privacy notice and how they should proceed with opting out if desired. Many consumers are claiming that they were not notified about how their personal information is being used and who it is being sold to.

Who must comply?

Not all businesses must meet the terms of S.B. 27. Those affected will have these four things in common:

  1. 20 or more employees
  2. Business relationships with customers in California
  3. Have, in the past, shared a customer’s personal info with other companies for the purpose of marketing
  4. The incident must have taken place within the previous calendar year

Some businesses are exempt from the bill’s requirements. These include:

  • Financial organizations subject to certain provisions of S.B. 1, the California Financial Information Privacy Act.
  • Those administering business-related disclosures to third parties. For instance, administrative or customer service personnel who do not use the information for their own direct marketing needs.

Rights of each individual under S.B. 27

Consumers have the right to be notified by the business using a designated contact method such as email, phone, and regular mail. In the notification, the company should outline how it shares the personal information of its customers with other businesses for the purposes of direct marketing.

Notifications can be completed in any one of several ways:

  • A customer service representative from the company may contact customers who request this and go over their full policy for sharing customer personal data with third-party marketers.
  • Customers may view the company’s privacy policy by visiting a store or branch and asking to see it.
  • Customers may be directed to view the privacy policy statement by visiting the company’s website. The website must clearly show a link to “Your Privacy Rights” or “Your California Privacy Rights”. The privacy notice can be posted on the company’s website or on another web page that includes all this information. The disclosure must include wording that clearly indicates that the information is being given at no cost and is updated regularly with any changes to the law.

Consumers also have the right to request the following information each year from any California company they do business with:

  • Customers can contact the company to find out whether they implement and comply with S.B. 27.
  • Customers can request information about how to opt-in or opt-out of information sharing. The company is then responsible to notify the customer free of charge and in writing about opting in or out of sharing personal information.
  • There are additional requirements for a business that does not provide their consumers with the opt-in and opt-out information. This information must also be provided free of charge in writing or by email.

Companies are required to go into some detail about exactly what customer information they are sharing. They must provide:

  • Names and addresses of all third parties that obtained personal information during the preceding year from the business for direct marketing purposes.
  • Exactly what information they shared, i.e., the customer’s name, address, phone number, birth date, etc.
  • They must ensure that the customer understands what type of business their private info has been sold to. For instance, in cases where an individual might not readily recognize the business name, the company must provide examples of the types of products and services the third-party vendor sells.

For those who wish to contact one or more companies to ask about how their personal information is being used, the Privacy Rights Clearinghouse has drafted a letter that can be used to request this information from any company.

The Penalties for Failing to Comply

There are legal remedies provided under the law when S.B. 27 is not properly followed. If a company fails to respond to a disclosure request, the customer is entitled to recover a civil penalty of up to $500 per violation. If the court decides that the company was willful, reckless or intentional in not adhering to S.B. 27, those filing lawsuits may be able to get $3,000 per incident. In some cases, the plaintiff’s attorney fees are also included in the award. A suit should be filed within 90 days of learning that an individual’s personal information was bought or sold without the person’s knowledge.