Companies of all sizes are bound to a non-disclosure agreement to ensure the privacy of their clientele. These customers trust that their records will not be publicly released, but unexpected events can happen. It is crucial for businesses to have a strong disaster recovery plan in place, so that any recovery process can be as smooth as possible.
The Department of Motor Vehicles in Utah and New York are currently trying to bounce back after suffering from internal data breaches.
In New York, Patricia Bourne was a license clerk who accessed information between December 2012 and January 2013, according to Catherine Scott, the New York State Inspector General. When questioned why Bourne repeatedly accessed records of a single individual, Bourne said that she was doing a friend a favor, based on Scott's statement. Bourne was charged with 11 felony counts of computer trespass and one misdemeanor count of official misconduct.
Former Utah employee regularly accessed private information
Utah has a similar situation to work on because they are involved in a data breach that stems back 14 years, Charlie Roberts, a DMV spokesman told FOX 13.
The former employee used to collect car registration information from specific individuals. "… for the sole purpose and with the understanding the information would be used to commit crimes against the unsuspecting private citizen," a fire investigator wrote in an affidavit.
Roberts confirmed that the woman worked as a customer service clerk for 14 years and is unsure how many people were affected by the woman's actions.
Utah's DMV was already in the midst of upgrading their software security prior to this report and will launch the program in October.
Disaster recovery planning must also include comprehensive employee training, so all workers understand how their actions can affect customers and the company as a whole.