Once More Into The (Data) Breach
Data breaches are on the rise, and the numbers are staggering:
“According to Symantec, approximately 1.1 million identities were stolen per data breach on average in 2011, and hacking incidents exposed 187 million identities in 2011 — the largest number for any type of data breach in 2011. Now here comes the ‘kicker’…….the most frequent cause of data breaches was theft of loss of unencrypted data on a computer or other medium on which data is stored or transmitted, such as a smartphone, USB drive, or a backup device.” (Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up by Mintz Levin)
For your reference, a roundup of recently legal commentary and analysis on the problem and possible solutions:
Data Breaches: Will You Be Sued, And Can You Lower Risk? (Bryan Cave)
“Statistics regarding data security breaches can be sobering. For instance, according to one widely reported study conducted by the Ponemon Institute, 90 percent of organizations have had at least one data breach in the last year. More troubling is that the study concluded that the majority of organizations (almost 60 percent) had two or more breaches over the year.” Read on»
Navigant: Reports of Data Breaches On the Increase Across Industries (Mintz Levin)
“Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. ” Read on»
Data Breach Case Research Paper Sheds Light (Proskauer)
“In a draft research paper titled ‘Empirical Analysis of Data Breach Litigation’, three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick… As an interesting example, they found that the odds of a company being sued over a data breach are six times lower when the company offered free credit monitoring following the breach.” Read on»
Data Security Breach Alert: 1.5 Million Credit Card Customers Affected (Mintz Levin)
“Global Payments, Inc. (‘Global’) has reported a significant data security breach for approximately 1.5 million credit card customers. According to a statement that Global released on Sunday, their investigation has revealed that ‘Track 2 card data may have been stolen, but that cardholders’ names, addresses and social security numbers were not obtained by criminals.’ Using Track 2 data, a hacker can transfer a credit card’s account number and expiration date to a fraudulent card, and then use the fraudulent card for purchases.” Read on»
Rapid Response to Data Breach Pays Off (Davis Wright Tremaine LLP)
“The Oregon Supreme Court last week affirmed the dismissal of a class action lawsuit against Providence Health & Services-Oregon arising out of the theft of patient data on backup media that were stolen from an employee’s car in late 2005. The case underscores the importance of taking prompt and effective action to protect patients after a data breach. The Supreme Court noted approvingly the substantial—and costly—steps Providence took to protect its patients in the wake of the theft.” Read on»
Massachusetts Office of Consumer Affairs and Business Regulation Publishes Report on Data Breaches (Mintz Levin)
“The Massachusetts Office of Consumer Affairs and Business Regulation received nearly 2000 data breach notifications affecting nearly 3.2 million individuals between October 31, 2007 and September 30, 2011, according to a report released on Monday. The health care industry experienced only 214 of the nearly 2000 breaches, but it had more affected individuals than any other industry.” Read on»
Data Breach Laws Become Even Stricter For All Companies With California Or Massachusetts Customers Or Users (Fenwick & West LLP)
“How can a 21st century U.S. company do its best to comply with data-security-related obligations imposed by the various laws of 46 states? A company can implement practices and procedures designed to achieve maximum compliance with the laws adopted by the two states widely acknowledged to impose the strictest obligations: California and Massachusetts.” Read on»
Massachusetts Data Security Regulation: New Requirements for Service Provider Contracts (White & Case LLP)
“Effective as of March 1, 2012, organizations that own or license personal information about residents of the Commonwealth of Massachusetts must include in all agreements with vendors and other third-party service providers contractual provisions that require those providers to maintain appropriate security measures to protect personal information.” Read on»
Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm (Mintz Levin)
“Last October, a Maloney Properties, Inc. (‘MPI’) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents… Massachusetts Attorney General Martha Coakley … alleged that MPI violated the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth, and the Massachusetts Consumer Protection Act by (a) maintaining personal information on an unencrypted laptop, and (b) failing to follow its own Written Information Security Program.” Read on»
When a Client Suffers a Data Breach (Gregg Rapoport)
“Companies unwittingly heighten their vulnerability in the name of productivity and efficiency by integrating cloud-based services and embracing the use of consumer-friendly smartphones and ever-evolving tablet devices which rely on those services and/or provide access to corporate networks. In 2011, the risk of outsourcing the custody of sensitive customer data was exposed by incidents involving ‘secure’ cloud vendors Epsilon5 and Dropbox.” Read on»
Credit Processor Pays $1 Million for Data Breach (Lawyers.com)
“Think your credit card information is secure? Think again. Last month, Heartland Payment Systems, a national credit processor, settled a class action lawsuit to the tune of $1 million after a staggering 130 million credit card numbers were stolen from its system by hackers in December 2007.” Read on»
—-
Find related law news and updates on JD Supra»
