Pending litigation highlights consumer demand for more stringent enforcement of privacy and network security policies; reiterates need for corporate risk mitigation strategies.
DALLAS-LAWFUEL – Law News Network -In response to a recent class action lawsuit filed against discount retail giant TJX, Scott & Scott, LLP (www.scottandscottllp.com), a Dallas-based legal and technology services firm specializing in privacy and network security, reminds businesses that there is no such thing as a completely secure network. Businesses must implement proactive processes and controls to minimize the risks of legal liability and resulting damage to the corporate brand that can be caused by a data security breach.
With compromised accounts estimated to reach into the millions, the suit accuses TJX Companies, Inc. of negligence for failing to maintain proper data security and for withholding announcement of the breach discovery for one month.
With security events like the one at TJX on the rise, consumers are demanding corporations take ownership of the inherent responsibility, accountability and liability they assume when they collect customers’ confidential information. Corporations must implement policies and controls beyond standard compliance regulations, such as those issued by the Payment Card Industry, to ensure data is safeguarded, financial risks are mitigated, and the corporate reputation is protected.
Every business utilizing electronic data is at risk of a data security breach and should consider the following steps in arming their business against the potential risks.
Recognize All Potential Threats: Employees pose one of the largest threats to data security. One-third of all employees steal from their employers, including the theft of corporate information. Employees often have unrestricted access to confidential customer information and easy access to the internet. Transferring data to an outside source, such as an internet e-mail account, is simple even for amateur network predators.
Perhaps even more threatening are employees’ inadvertent violations of security policies. An astonishing 75-95% of all corporate e-mail traffic is dangerous. Any employee who opens a personal e-mail at work can potentially download a virus, leaving the network highly vulnerable to data security breaches. Lost or stolen laptops or mobile devices also account for hundreds of thousands of compromised accounts each year.
Minimize Notification Liability With Encryption: To minimize liability, costs, and brand damage associated with a data security breach, Scott & Scott recommends that companies equip every electronic device containing confidential information with desktop security protection, including proper authentication and encryption technology. In addition to safeguarding information, in many states encrypting data eliminates the requirement for companies to alert their customers in the event of a data security breach. Maintaining confidentiality can significantly reduce the risk of potentially catastrophic business and public image implications that are associated with legally required breach notifications.
Implement Crisis Management Controls: Even companies with the most advanced security initiatives in place remain at risk for a security failure. Strategies to protect the enterprise should include proactive steps to review and revise privacy policies, implement stringent security policies and controls, and develop and follow a formal notification and crisis management plan in the event a breach occurs.
Mitigate Financial Risks With Insurance: Scott & Scott strongly recommends companies consider investigating and purchasing insurance coverage for potential corporate security failures to help mitigate the financial risks of a network security breach. Many forward-looking insurance providers have recognized the need for network security insurance coverage and are offering a variety of types, including inside job coverage, service provider coverage, employee claimant coverage, regulatory coverage and third-party handling coverage.
Because nothing is failsafe, even the select businesses that have implemented the most aggressive encryption, firewall and authentication technologies are well advised to consider obtaining data security and privacy insurance to help mitigate the financial risks of a network security breach. Of the estimated 75% of companies that are less prepared, they should strongly consider insurance as a first step to protecting their valuable enterprise.
An expert in privacy and network security, Julie Machal-Fulks vigorously represents Scott & Scott’s clients on all issues pertaining to network security, software compliance, and audit defense. She has co-authored numerous articles addressing the legal, financial, and regulatory risks associated with network security breaches, including her article entitled “Privacy, Network Security, and the Law,” on which she is often asked to present. Julie graduated with honors from Texas A&M – Corpus Christi, earning a B.A. in English. She received her law degree from The University of Houston Law Center, where was a member of the Order of the Barristers and served on the Executive Board of Advocates in 1998, 1999, and 2000. Julie is admitted to practice before all Texas State Courts.
About Scott & Scott LLP
Scott & Scott is a leading national law and technology services firm dedicated to helping senior executives assess and reduce the legal, financial, and regulatory risks associated with information technology issues. An innovative approach to legal services, Scott & Scott believes that collaboration between legal and technology professionals is necessary to solve and defend against the complex problems our clients face, including privacy and network security, IT asset management, software license compliance, and IT transactions. Legal and technology professionals work in tandem to provide full-service representation. By combining these resources, Scott & Scott is better able to serve clients’ needs than law firms and technology services firms working independently of one another. Visit us on the web at www.scottandscottllp.com.