Hellish Hack

July 1, 2011 – In The News
Inside Counsel
When headlines announced that more than 77 million Sony user accounts were hacked into, customers, companies and the government began to worry. The growing number of data breaches has spurred companies to reevaluate their corporate data security efforts and put emphasis on risk assessment. By building effective defense systems, companies can locate vulnerable data and detect unusual activity before its too late.

The recent high-profile breaches have also spurred government concern about the safety of sensitive consumer information and has representatives pushing for better security standards.

"When Obama's administration came in, they made a pledge that data responsibility and data security was going to be a top priority. Then we had a little problem with the economy, and that got sidelined," said Mark McCreary.

But despite the slow approach, the efforts by the White House to address data security seem to be returning.

Standardized security would also make it easier for companies to report breaches. As of now, reporting laws vary across the country.

"If I have a data breach and I have information from people from 30 different states, there are 30 different laws I have to look at, and they conflict with each other," McCreary said.

"I've seen a few cases where people start putting out notices only to find out later on that they were able to confirm that there was no data breach."

A statement too soon or too late could cost a company its reputation and cause consumers to distrust the brand--proving the costs of data breaches stretch beyond the price of lawsuits.

Companies should also remember that those wishing to sue must establish true damages in order to have a case.

"The overwhelming majority of decisions say there has to be clear and present harm as a result of a breach," said McCreary. "In other words, you must prove that your identity was stolen, not that you just have a fear that it could be stolen in the future."