Data Breach Notification : Technology Law Source

Home > Data Breach Notification >

IMPACT: Measuring the Loss of Brand and Business Reputation after a Data Breach

Posted on November 23, 2011 by Donna Ruscitti

Brand and business reputation suffer following a data breach. A recently released survey puts some numbers to the losses and shows just how much that damage can be, with breach of customer data being the most costly. The study, independently conducted Ponemon Institute LLC and sponsored by Experian® Data Breach Resolution, is believed to be the first study to compare the impact of the loss of confidential customer or employee information and sensitive business information with loss of brand and business reputation.

Tags: Data Breach Notification, Identity Theft, brand, customer information, employer information, personal information, social security number

Porter Wright Information Privacy and Data Security Workshop Series

Posted on January 5, 2011 by Sara Smith

Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here.

IDENTITY THEFT, CORPORATE DATA SECURITY BREACHES AND LAW
ENFORCEMENT: SHOULD I CALL THE COPS?

Learn How to Effectively Utilize Law Enforcement and Private Security Resources to
Protect Yourself and Your Business From Computer Criminals

January 20, 2011
11:30 a.m. - 1:30 p.m. Lunch will be provided
Capital Club - 41 South High Street, 7th Floor
Columbus, Ohio

Focus issues:
Trends in Identity Theft
What Can Lead to a Data Breach
Law Enforcement
Identity Theft Investigations

Tags: Data Breach Notification, Identity Theft, Information Technology, Privacy

HHS Withdrawing Breach Notification Final Rule - Temporarily

Posted on July 30, 2010 by Jeremy Logsdon

The Department of Health and Human Services (HHS) announced yesterday that it was temporarily withdrawing the breach notification final rule from review of the Office of Management and Budget (OMB) to allow HHS further time to consider these regulations. The breach notification rule, among other things, requires covered entities to notify individuals whose protected health information (as defined by HIPAA) has been compromised or breached. HHS's explanation for the withdrawal was that breach notification was "a complex issue and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur." HHS stated that it intends to publish a final rule in the coming months.

Tags: Data Breach Notification, HIPAA Compliance, Privacy

Data Breach Incidents on the Rise

Posted on June 28, 2010 by Justin Root

This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like 2010 will see an increase in overall data breaches.

Companies collecting personal information should take proactive measures to avoid data breaches. Proactive measures include maintaining an up-to-date security policy, safeguarding sensitive data, encrypting data, turning on and monitoring system logs, and restricting access to only those who need it. (See our previous post for an example of why security implementations should be kept up to date.)

It is also important to have a preemptive response plan in place to deal with a data breach should one occur. A response plan should include means of investigating the data breach, notifying those whose records or information are potentially affected, addressing legal concerns, addressing public relations concerns, making other required notifications (such as those described here), and ensuring the data breach is not ongoing or recurring.

Tags: Data Breach Notification, Information Technology, Privacy

Security Breach Results in Fine Despite Prior Security Measures

Posted on April 20, 2010 by Justin Root

In January 2008, the Davidson Companies, a financial services holding company, announced that a database containing current and past customer records had been hacked during a SQL injection attack. On April 14, 2010—more than two years after the network intrusion—the Financial Industry Regulatory Authority (FINRA) fined the company $375,000 for the breach.

Tags: Data Breach Notification, Identity Theft, Privacy

Technology Law Source
Porter Wright Morris & Arthur LLP

Cincinnati 250 East Fifth Street
Suite 2200
Cincinnati, OH 45202-5118
Phone: 513-381-4700
Toll Free: 800-582-5813
Fax: 513-421-0991

Cleveland 925 Euclid Avenue
Suite 1700
Cleveland, OH 44115-1483
Phone: 216-443-9000
Toll Free: 800-824-1980
Fax: 216-443-9011

Columbus Huntington Center
41 South High Street
Columbus, OH 43215-6194
Phone: 614-227-2000
Toll Free: 800-533-2794
Fax: 614-227-2100

Dayton One Dayton Centre
Suite 1600
One South Main Street
Dayton, OH 45402-2028
Phone: 937-449-6810
Toll Free: 800-533-4434
Fax: 937-449-6820

Naples 9132 Strada Place
Third Floor
Naples, FL 34108-2683
Phone: 239-593-2900
Toll Free: 800-876-7962
Fax: 239-593-2990

Washington, D.C. 1919 Pennsylvania Avenue
NW, Suite 500
Washington, DC 20006-3434
Phone: 202-778-3000
Toll Free: 800-456-7962
Fax: 202-778-3063

Porter Wright Morris & Arthur LLP offers this blog for general informational purposes only. The content of this blog is not intended as legal advice for any purpose, and you should not consider it as such advice or as a legal opinion on any matters. The information provided herein is subject to change without notice, and you may not rely upon any such information with regard to a particular matter or set of facts. Further, the use of the blog does not create, and is not intended to create, any attorney-client relationship between you and Porter Wright Morris & Arthur LLP or any individual lawyer in the firm. No such relationship will be considered to have been formed until we have had an opportunity to resolve any conflict of interest issues and have advised you, in writing, of the nature and scope of the legal services to be provided. Unless we establish an attorney-client relationship with you with regard to the particular matter, we will not treat any information that you may send to us, or submit as a comment to a blog article or entry, as confidential or privileged, and any unsolicited communications may be disclosed to other persons without regard to confidentiality considerations. Use of the blog is at your own risk, and the site is provided without warranty of any kind. We make no warranties of any kind regarding the accuracy or completeness of any information on this blog, and we make no representations regarding whether such information is reliable, up-to-date, or applicable to any particular situation. Porter Wright Morris & Arthur LLP expressly disclaims all liability for actions taken or not taken based on any or all of the contents of this blog, or for any damages resulting from your viewing and use of this blog.

LexBlog Lawyer Blogs and Law Firm Blog Design

Technology Law Source : Technology Lawyers & Attorneys for Patents, Trademarks & Copyright Issues in Ohio, Washington DC, Florida

Published By
Porter Wright

Mapping the evolving legal landscape

IMPACT: Measuring the Loss of Brand and Business Reputation after a Data Breach

Porter Wright Information Privacy and Data Security Workshop Series

HHS Withdrawing Breach Notification Final Rule - Temporarily

Data Breach Incidents on the Rise

Security Breach Results in Fine Despite Prior Security Measures