
Client Alerts

Data Privacy and Security: Litigation on the Rise

May 17, 2012

The personal records of millions of Americans have been compromised through data security breaches in recent years. This in turn has caused an astronomical rise in identity theft – 8.6 million U.S. households were victimized in 2010.

In response, 47 states have enacted laws requiring that persons be notified promptly whenever someone obtains unauthorized access to sensitive personal information (e.g., Social Security numbers, credit card numbers). These laws apply to any organization – profit or non-profit, irrespective of physical location. Some states require notification within specified time frames; others require notices be sent to credit reporting agencies and state law enforcement officials. Businesses that fail to comply with these laws or have lax data security practices are increasingly being held accountable.

Suits and Penalties
Class action lawsuits are becoming more common. Any time there is a security breach, organizations must consider the risk of litigation and may also become embroiled in contractual disputes with third-party service providers or IT vendors.

Government penalties for non-compliance can also be significant. Virginia permits the attorney general to seek up to $150,000 in civil penalties per violation. Other states set higher limits (a $500,000 cap in Florida; a $750,000 cap in Michigan). In Ohio, an intentional or reckless failure to notify customers for more than 60 days may result in penalties of $5,000 or $10,000 per day.

How to Protect Personal Data
The first line of defense is to identify internal and external data security risks and then take proactive steps to mitigate those risks – before there is a problem. A good data security plan will (1) include procedures for the safe storage and transport of data; (2) limit the amount of data collected and how long it will be retained; (3) limit employee access to data; (4) provide for encryption of data stored on laptops and other portable storage devices; and (5) provide for employee training, compliance, and monitoring. In Massachusetts, a written data security plan is mandatory for any organization that collects personal information on Massachusetts residents (regardless of the company’s location). See http://www.fr.com/data-security-program/.

Our team regularly advises clients on how to (1) manage and secure personal information, (2) respond to data security breaches, and (3) maintain effective data security and privacy policies.

For more information, please contact your Fish & Richardson attorney or:

Ed Lavergne
Principal
Washington, DC
202-626-6359
lavergne@fr.com

© Copyright 2012 Fish & Richardson P.C. These materials may be considered advertising for legal services under the laws and rules of professional conduct of the jurisdictions in which we practice. The material contained in this newsletter has been gathered by the lawyers at Fish & Richardson P.C. for informational purposes only and is not intended to be legal advice. Transmission is not intended to create and receipt does not establish an attorney-client relationship. Legal advice of any nature should be sought from legal counsel. For more information about Fish & Richardson P.C. and our practices, please visit www.fr.com.

 
