A DATA BREACH DOESN'T HAVE TO BE A DEATH SENTENCE FOR BUSINESS

Source: Washington Business Journal
Posted on October 15, 2010

In today's high-tech era, data breaches have become increasingly common and increasingly costly, with the average breach costing more than $200 per compromised record, according to estimates by the Ponemon Institute. These estimates do not take into account the increasing possibility that a company that experiences a breach could become the target of an investigation by law enforcement, including state attorneys general, incurring the additional costs and harm to the company's reputation that can accompany such an investigation.

Attorneys general have become increasingly aggressive in enforcing their states' data breach notification and data privacy laws, and they are using those laws to justify investigations into how those data breaches occurred. The attorneys general in D.C., Maryland and Virginia are no exception, and they have acted both independently and with their brethren in other states to punish businesses they believe have been lax in data security matters.

For example, last year 42 attorneys general, including Peter Nickles in D.C. and Doug Gansler in Maryland, joined together in a $12.25 million settlement with TJX as a result of a massive data breach that exposed more than 94 million transaction records. In 2007, Nickles, Gansler and then-Virginia Attorney General Bob McDonnell joined 41 other attorneys general in a settlement with ChoicePoint that required the company to make significant ongoing changes to its business.

Given such actions by attorneys general, all businesses, even those with only a local presence, need to be aware of their obligations under state data breach notification and data privacy laws to ensure they do not incur the significant costs and reputational harm that could result from running afoul of such laws.

Most states, including D.C., Maryland and Virginia, have adopted laws that impose information security and notice requirements over personal information. All of these laws require notices to be sent to people whose personal information has been exposed, but they vary on the type of information covered. For example, Maryland and Virginia both require notification to individuals if their name and an additional piece of personal information, such as a credit card number and accompanying security code, have been exposed, while D.C. requires notification if a name, address or phone number, in conjunction with an additional piece of information, has been exposed.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.