BreachExchange mailing list archives
You Could Lose More Than Just Customers: Why You Should Lock Up to Crack Down on Cyber Risks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 9 Feb 2016 18:48:27 -0700
http://www.jdsupra.com/legalnews/you-could-lose-more-than-just-customers-49553/

The most searched word around the office is “cybersecurity”. This year promises to hear myriad cases centered on this suddenly-forefront topic. The issue of security for virtual information has been around for years, but with major advancements made by the less-scrupulous crowd in just the past year, cybersecurity demands attention now.

Previously, lawsuits had to prove that the illegally-accessed data had to be actually seen by unauthorized parties. That has now changed. The Massachusetts Superior Court held that a plaintiff—a patient at Boston Medical Center Corp.—has grounds to sue based on the exposure of private medical information, despite not showing that an unauthorized person had accessed or seen the information. The courts indicated that the exposure of patient data to the potential to be accessed by unauthorized persons may be sufficient to adequately plead an injury. This Massachusetts court finding is directly contrary to the Supreme Court’s finding in Clapper v. Amnesty International USA, 113 S. Ct. 1138 (2013), but shows that more States may still rule as Massachusetts has.

What does this mean if your company has been entrusted with the personal information of your customers? You must step up your cybersecurity that much more; it is no longer acceptable to be reactionary to breaches by taking steps to curtail the stolen information from making it to illegal online warehouses where other people also lacking in the scruples department go to buy said information (yes, scarily, they do exist). You must be proactive in protecting your data from breaches in the first place.

Companies are being held liable not only for the breaches (such as in the Massachusetts case), but also for actual damages incurred by their customers if the information is used illegally, including identity theft and fraud. The legal costs can quickly cripple a company, and that doesn’t touch on the crippling effect of the company’s reputation and future customer base. And remember, even if you are a relatively small company, you are still subject to your State’s laws concerning data breaches.

So what should your major steps be now? First and foremost, seek out the guidance of an attorney who has experience with cybersecurity; with the rise in cases, more and more attorneys are getting their fill. Also, consider purchasing Data Breach Insurance; many of these insurance plans include access to professionals with knowledge on compliance, prevention, and response, as well as defense and liability expenses in case you’re sued due to a breach. If your company is large enough to afford or justify one, you should also consider hiring a Chief Information Security Officer or Chief Compliance Officer—someone whose sole focus is maintaining the integrity of your company’s data.

In summary, as recent high-profile breaches such as the ones with Target, Ralph Lauren, and even Ashley Madison have shown, cybersecurity must be at the top of mind for any company that stores even the smallest amount of personal data. The liability that a company may face for a breach can come from multiple sources. Be sure to implement a data theft plan, and draw on the expertise of your attorney to cover all bases. A solid plan can not only help to avoid potential breaches in the first place, but also help in how your company responds to a threat. Protect your own assets while protecting those of your customers.