Liisa Thomas, chair of Winston’s Privacy and Data Security Practice, spoke recently at the U.S. Chamber of Commerce’s Institute for Legal Reform’s 16th Annual Legal Reform Summit in Washington, D.C. on the topic of data privacy liability. Liisa presented a report she created with Associates Robert Newman and Alessandra Swanson: “A Perilous Patchwork: Data Privacy and Civil Liability in the Era of the Data Breach.” This is a topic we’ve been speaking on at length here at InTelligence, examining the growing complexities of compliance and liabilities in an era of multiple regulators as well as State / National and Global laws.
Compliance is a moving target for organizations today. Not only are State and National laws constantly in flux, but organizations must also pay attention to industry regulators and regulations (HIPAA, SEC, the Gramm-Leach-Bliley Act). Given the global nature of many organizations, laws such as the EU GDPR even have an impact on US organizations. Post-breach, the potential litigation net is even wider, with investigations and potential fines coming from the FTC, industry regulators, state attorneys general and the class action bar.
The Bett Asia Leadership Summit is a Microsoft-partnered event which brings innovative products, services, and insights to the Asia Pacific education community. At this year’s summit, you will be able to connect with Absolute in a few different ways.
Sign up for this webcast and learn how successful organizations extend their risk management and compliance programs beyond regulatory requirements to what actually matters to the business.
“We trust our employees, that’s why we don’t…” restrict their access / secure their personal devices / restrict the movement of data. Trust is an interesting thing when it comes to data security. Can you rely on trust alone? The answer is no, and not because employees can’t be trusted (though sometimes malicious intent does compromise data), but most often because employees make mistakes.
Information security incidents continue to spike; there has been a 38% increase in detected information security incidents in the past year. Attacks on mobile devices went up to 36% of incidents, up from 24% just a year prior; the result is more adept assaults, combined with new risks to data introduced by the digitization of business functions, mobility, the cloud and greater use of data analytics. We are seeing a realization that combating these threats is about more than just technology; it requires organizations to rethink their approach to information security from the top down.
Data is the lifeblood of today’s digital businesses. Protecting it from theft, misuse, and abuse is the top responsibility of every S&R leader. Hacked customer data can erase millions in profits, stolen intellectual property can erase competitive advantage, and unnecessary privacy abuses can bring unwanted scrutiny and fines from regulators while inflicting reputational damage.
In December of 2009, two laptops containing sensitive information were stolen from the health insurance provider AvMed’s corporate headquarters, leading to a breach of 1.2 million customer records. Though this breach happened some years ago, AvMed suffered significant financial, reputational, and organizational hardship for years afterwards. What’s more, the subsequent class-action suit has set a new legal precedent for monetary reimbursements for breach victims.