All too often, companies misunderstand their notice obligations and make the mistake of over- or under-reporting.
Southlake, Texas (PRWEB) April 25, 2013
Various studies have shown that companies that suffer a data breach lose customers and suffer financial and reputational damage. The headlines are filled with data breach stories ranging from sophisticated malware schemes to simple employee or vendor negligence.
Today’s increasing data breach cases should serve as the impetus for companies to implement data security and incident response planning to secure confidential data from a potential breach.
“Although 100% protection against data breaches is not realistic, companies must implement adequate security measures and incident response plans to protect confidential customer information from a potential breach. Measures such as password protection, password change dates, and data encryption should be on the priority list,” said Robert J. Scott, Managing Partner of intellectual property and technology law firm Scott & Scott, LLP.
Data Breaches Cause Major Financial Damage
A recent study by the Economist Intelligence Unit showed that 35% of respondents who had experienced a personal data breach no longer did business with the company involved. In addition, 46% of those affected told people they knew to be careful.
A Survey on the Business Impact of Data Breach of more than 700 US-based C-level executives, managers, and IT security officers in mid-size to large businesses spanning all industries, commissioned by Scott & Scott, LLP and conducted by privacy and information management research firm the Ponemon Institute, revealed that many businesses may be discounting the long-term threat to customer retention and corporate reputation.
One of the key findings was that organizations experiencing a data breach incurred costs across the board:
* 74% report loss of customers
* 59% faced potential litigation
* 33% faced potential fines
* 32% experienced a decline in share value
“While every incident is different, it is clear that the cost of data breach incidents is very high,” said Scott.
Establishing Policies in a Multi-Regulatory Environment
In recent years, there has been an explosion in anti-identity theft and privacy- and security-related legislation at both the state and federal levels. This patchwork of laws makes it very difficult to understand what to do in the event of an incident. Here is a quick checklist for determining your legal obligations in the event of an incident:
1. Determine the nature and extent of the data lost
2. Determine whether the data was encrypted
3. Determine the state of residence of potentially affected customers
4. Analyze state and federal law potentially applicable to the facts
5. Develop a strategy for notice
6. Offer credit monitoring and identity theft recovery
“All too often, companies misunderstand their notice obligations and make the mistake of either over or under-reporting,” said Scott.
About Scott & Scott, LLP:
Scott & Scott, LLP is an international law and technology services firm dedicated to helping senior executives assess and reduce the legal, financial, and regulatory risks associated with information technology issues. An innovative approach to legal services, Scott & Scott believes that collaboration between legal and technology professionals is necessary to solve and defend against the complex problems our clients face, including privacy and network security, IT asset management, software license compliance, and IT transactions. Legal and technology professionals work in tandem to provide full-service representation. By combining these resources, Scott & Scott is better able to serve clients' needs than law firms and technology services firms working independently of one another. Visit Scott & Scott online at http://www.scottandscottllp.com.