Data theft is growing at a staggering rate. According to the Identity Theft Resource Center, from 2007 to 2008, reported data breaches increased more than 45%. Last year, more than 35 million records were breached in publicly reported incidents. Based on our work in this area for more than a decade, we know that many data breaches are not reported, so available statistics significantly understate the problem.
Organized crime and others target computer systems, gather personal identifying information, and use the stolen identity information to commit fraud. Debit card data is used to drain bank accounts; other information is used to make fraudulent credit card purchases, open bank accounts, and obtain loans. Other crimes also are committed using unlawfully obtained personal data.
Data theft criminals originally tended to target health care operations and financial institutions. As these organizations took steps to protect data, criminals increasingly have targeted businesses. The Identity Theft Resource Center notes that in 2009, businesses (36%) accounted for more data breaches than health care operations and financial institutions combined (27%).
In response to this exponentially increasing problem, data breach notification laws have been enacted in 46 states, with legislation likely in other states this year. Federal laws also have been updated to apply to data breach situations. Many countries in addition to the United States have breach laws. Frequently, when a data breach takes place, more than one jurisdiction’s data breach laws will apply.
Our experience in data security and privacy helps clients make the right decisions. For more than a decade, we have advised clients on situations generated by computer use, including data breach claims. Most of the claims with which we have been involved have not received wide public attention, to our clients’ benefit.
Following a data intrusion, quick action is important. Forensic analysis is needed to learn how the breach happened and what data was accessed. Steps need to be taken quickly, in a manner that protects privileged and private communications. Further data intrusion needs to be prevented. Other steps also must be taken, including:
1) communicating with operational, legal and executive leaders about the breach;
2) deciding when and how to involve law enforcement;
3) crafting notification letters;
4) determining the structure and kinds of assistance to provide to potentially impacted individuals; and
5) communicating with stakeholders and the press.
Decisions made in the heat of the moment following a data breach have a significant impact on litigation outcomes. Don’t let counsel learn on your case.