No doubt, you’ve seen the big headlines. Cybercriminals stole credit card information of over 100M Target customers in 2013. Between 500M and 1B Yahoo user accounts were compromised in 2013 and 2014. Over 69 million Anthem health insurance records were compromised in 2015. Over 143M Equifax accounts were compromised in 2017. Whether these stats are totally accurate or not, these headlines are damaging. And the problem is not isolated to the largest companies. Unfortunately, no industry or company size is immune.
According to a 2016 Risk Based Security report, there were over 4,000 breaches compromising over 4.2B records. Those are only the reported incidents, which suggests the actual number may be much higher. As the frequency of data breaches continues to grow, increased legislative and regulatory action has followed. While privacy laws are struggling to keep up, regulators appear to be focused on pressuring companies to safeguard their data or otherwise face fines, government audits, and potentially criminal liability.
Developing a risk management strategy for cybersecurity and data privacy is no longer optional. Nexio Law Firm has developed a highly effective approach to help businesses of all sizes focus on three critical and interrelated components:
It all starts with an understanding of baseline cybersecurity and data privacy statutes, but the ongoing challenge is that these statutes are continuously evolving. For example, California’s data breach notification statute (Cal. Civ. Code §§ 1798.29(a) and 1798.82(a)) was augmented in 2016 to require expanded information to be provided in the event of a data breach. Adding to the complexity, data breaches usually impact user data from several states, requiring compliance not only with California law but also with the laws of multiple jurisdictions. In addition, bills and resolutions are constantly being proposed (over 240 in 2017 alone), which impact the overall regulatory landscape.
After a baseline of regulations is identified as applicable to your business, an assessment is conducted to isolate where the breach may have occurred, followed by methodology development for uncovering other potential weaknesses. Significant coordination is required between legal and IT teams to employ measures that meet industry standards and this is followed by user training.
Depending on the severity of the problem and the importance of the information potentially breached, supplemental planning for the future architecture of systems and software, verification of security systems, and periodic review of changes in the law may all be required.
Our practice is composed of lawyers who specialize in litigation, corporate, intellectual property, enforcement, employment, and commercial law. Our team is deeply invested in your success at establishing baseline systems to assist with the prevention of data breaches and with regulatory compliance in the unfortunate event one ever occurs.
The attorneys at Nexio Law Firm are committed to helping our clients achieve their objectives. We can be reached at (949) 478-6830 or complete the contact form and we’ll be in touch soon.