County to update data breach policy
Published 9:00 am Wednesday, August 2, 2023
Getting your Trinity Audio player ready...
|
In order to satisfy conditions for some federal grants, Troup County will formally adopt a new Data Breach Policy.
Grants Manager Denise Smith said the county has had informal data breach policies for some time. The new policy will just codify the processes that are already in place, she said.
The policy outlines the steps taken to protect personally identifiable information (PII) and the processes for responding to reported security breaches.
The new Troup County Data Breach policy has been developed to satisfy these grant requirements and ensure compliance. The policy outlines the best practices of the City of LaGrange IT, which provides IT services for the county.
Smith said the policy covers a wide variety of ways data could be breached, whether by human error, hacking or natural disaster.
“There are many different scenarios. There are lots of decision trees [in the policy,] but it would start at the top, either at the IT level or at the department head level and decisions get made from there,” Smith said.
The policy makes sure that the county has a process to inform folks if personally identifiable information has been breached.
Commission Chairman Patrick Crews noted that the vast majority of the data that the county holds is public record anyway.
He said personnel records at human resources would likely be the greatest risk in terms of security.
Smith noted that the policy isn’t a response to a recent data breach that has occurred, although the county has had its issues with hackers.
In 2017, international hackers demanded nearly $30,000 in Bitcoin to unlock the county’s servers after hacking into the system.
Instead of paying the ransom, the county had the virus safely removed and updated its security software to prevent future breaches.
“The federal grants just want to see that we have a policy, and we want to be in compliance with that, and this is just a way to formalize that,” Smith explained.