By: Linda L. Goodman
In July, the New York Attorney General issued a tough report to data collectors. The report titled “Information Exposed: Historical Examination of Data Security in New York State,” analyzes the past eight years’ of data breaches by the Attorney General and the impact of those breaches upon New Yorkers. The report states that the number of security breaches reported in New York more than tripled between 2006 and 2013, most occurring between 2011 and 2013.
The report further found that the leading causes of the data breaches were the result of third party hacking, lost or stolen equipment or documentation. Further, the report found that company insiders were involved in at least 10 percent of all breaches. The largest verticals affected were retailers, healthcare providers and their payment systems.
The Attorney General also reported on the financial consequences of the expanded breach issue. The report estimates that in 2013, data breaches cost organizations doing business in New York over $1.37 billion. This figure included damage to individual consumers, investigation and attorney fees to the companies and indirect economic consequences related to consumer and investor confidence.
The New York Attorney recommends the following 5 steps be followed by businesses to protect against data breaches and to mitigate the consequences for the consumer:
- Determine what data your company collects, maintains and stores; then review the steps your company has taken to ensure security.
- Minimize the collection and retention of data – collect and use but store for only the minimum time that is needed and delete any information no longer used or needed.
- Create a comprehensive information security plan that includes encryption of data and limitation of access to the data.
- Develop and Implement a data security plan which includes the training of employees, review of vendors security practices and continuing audits.
- Be sure you have a mitigation plan that will offer services to affected consumers when a data breach arises.
______________________________________________________________________
This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations. This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.
Linda L. Goodman is the founder of The Goodman Law Firm, concentrating its practice in internet business and law. Her firm’s clients include Advertisers, Affiliates, Affiliate Networks, and ISP’s.
© 2014 TGLF, A.P.C.