In today’s digital world, most Americans leave long electronic trails of private information wherever they go. But too often, that data is compromised. When they shop—whether online or at brick and mortar stores—retailers gain access to their credit card numbers. Medical institutions maintain patient records, which are increasingly electronic. Corporations store copious customer lists and employee Social Security numbers. These types of data frequently get loose. Hackers gain entry to improperly protected networks, thieves steal employee laptops or disgruntled workers pilfer company information. “More and more people are putting their data in electronic form,” says Deirdre Mulligan, the faculty director at the Berkeley Center for Law and Technology. “[This] means the number of instances where we might have a breach is going up.” On the following pages, InsideCounsel takes a look at fallout from some major data breaches, recent legislative and regulatory developments in data privacy law and ways to prevent a data breach before it’s too late. Data Disasters
A “global cyber fraud operation” sounds like something straight out of a James Bond movie. But when cyber crooks recently infiltrated Heartland Payment Systems’ processing system and accessed potentially tens of millions of credit card numbers, company executives learned that type of criminal activity is very real. In January, MasterCard and Visa notified the credit card processing company that suspicious activity occurred during 2008. Heartland launched a forensic investigation with help from the U.S. Secret Service. They found malicious software spying on transactions and recording credit card information as it passed through the processor’s network. While Heartland is still trying to determine how many records were compromised, some speculate this is the largest data breach incident ever. A class action lawsuit filed in New Jersey Jan. 27 seeks to recover the cost of replacing credit cards and reimburse banks for expenses related to any fraudulent activity connected with the breach. Though the Heartland incident is a dramatic example of a data security breach, malicious software placement is just one cause—and not nearly the most common. Only 22 percent of breaches occur as a result of outside hacking, according to a study released in March analyzing breaches by sector. “The categories are virtually limitless,” says Kirk Nahra, a partner at Wiley Rein and chair of its privacy group. “Any company that has information about either customers or employees has to worry. [When I say that,] people stop and think for a second, ‘Well, every company has either customers or employees.’” PDA Problems
Data compromises occur most often through lost or stolen hardware such as laptop computers or PDAs, though many people don’t realize it because those incidents get less attention. “It’s a juicier story if someone was monitoring the wireless network and stealing credit card information,” says Robert Scott, managing partner at Scott & Scott. “Those megastories get big because there are a lot of people affected, and there’s some sort of drama that’s different than just losing a PDA.” The health care industry has the highest percentage of breaches from lost hardware, says Matt Curtin, founder of the Web consulting firm Interhack. Curtin co-authored the recent breach study. “It’s a reflection of the kind of environment they’re working with,” he says, noting the quantity of small devices such as smart phones used in health care. Losing a BlackBerry might not seem like a big legal deal, but without quick action what first appears to be an inconvenience can soon spiral into major litigation. A massive breach hit the Department of Veterans Affairs in 2006 when two teenagers stole a laptop from a VA employee’s home. The data included Social Security numbers, birth dates and spousal information records from 26.5 million veteran and active military personnel. Authorities successfully...
Please join StudyMode to read the full document