BreachExchange mailing list archives

You Could Lose More Than Just Customers: Why You Should Lock Up to Crack Down on Cyber Risks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 9 Feb 2016 18:48:27 -0700

http://www.jdsupra.com/legalnews/you-could-lose-more-than-just-customers-49553/

The most searched word around the office is “cybersecurity”. This year
promises to hear myriad cases centered on this suddenly-forefront topic.
The issue of security for virtual information has been around for years,
but with major advancements made by the less-scrupulous crowd in just the
past year, cybersecurity demands attention now.

Previously, lawsuits had to prove that the illegally accessed data had
actually been seen by unauthorized parties. That has now changed. The
Massachusetts Superior Court held that a plaintiff—a patient at Boston
Medical Center Corp.—has grounds to sue based on the exposure of private
medical information, despite not showing that an unauthorized person had
accessed or seen the information. The courts indicated that the exposure of
patient data to the potential to be accessed by unauthorized persons may be
sufficient to adequately plead an injury. This Massachusetts court finding
is directly contrary to the Supreme Court’s finding in Clapper v. Amnesty
International USA, 113 S. Ct. 1138 (2013), but shows that more States may
still rule as Massachusetts has.

What does this mean if your company has been entrusted with the personal
information of your customers? You must step up your cybersecurity that
much more; it is no longer acceptable to be merely reactive to breaches by
taking steps to curtail the stolen information from making it to illegal
online warehouses where other people also lacking in the scruples
department go to buy said information (yes, scarily, they do exist).  You
must be proactive in protecting your data from breaches in the first place.
Companies are being held liable not only for the breaches (such as in the
Massachusetts case), but also for actual damages incurred by their
customers if the information is used illegally, including identity theft
and fraud. The legal costs can quickly cripple a company, and that doesn’t
touch on the crippling effect on the company’s reputation and future
customer base. And remember, even if you are a relatively small company,
you are still subject to your State’s laws concerning data breaches.

So what should your major steps be now? First and foremost, seek out the
guidance of an attorney who has experience with cybersecurity; with the
rise in cases, more and more attorneys are getting their fill. Also,
consider purchasing Data Breach Insurance; many of these insurance plans
include access to professionals with knowledge on compliance, prevention,
and response, as well as defense and liability expenses in case you’re sued
due to a breach. If your company is large enough to afford or justify one,
you should also consider hiring a Chief Information Security Officer or
Chief Compliance Officer—someone whose sole focus is maintaining the
integrity of your company’s data.

In summary, as recent high-profile breaches such as the ones with Target,
Ralph Lauren, and even Ashley Madison have shown, cybersecurity must be at
the top of mind for any company that stores even the smallest amount of
personal data. The liability that a company may face for a breach can come
from multiple sources. Be sure to implement a data theft plan, and draw on
the expertise of your attorney to cover all bases. A solid plan can not
only help to avoid potential breaches in the first place, but also help in
how your company responds to a threat. Protect your own assets while
protecting those of your customers.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss