Security breaches can often lead to costly lawsuits and other legal headaches; just ask Sony Corp. The company suffered two serious data breaches last summer and is still dealing with the legal and public relations fallout.
Sony’s security breach was the second-largest online data breach in U.S. history, and could ultimately cost the company close to a billion dollars. Following the breaches, the company faced government scrutiny as well as customer class action lawsuits.
Customers contended that Sony knew it was at increased risk of attack because it had experienced prior, smaller breaches. The lawsuits further alleged that while Sony devoted time and money to protecting its own sensitive information, it failed to do the same for customer data.
As Sony has discovered, a security breach can have dire consequences for a company’s reputation and bottom line. With this in mind, New York and New Jersey businesses should closely evaluate how they share and store sensitive customer information. It is important to have adequate protections in place to prevent a breach as well as a plan of action should data still be compromised.
Below are several proactive steps your New York or New Jersey business can take to address the business and legal risks of a customer data breach:
- Evaluate what customer data you store in your files and on your computer systems, including local and remote servers. Monitor how this information travels into, through, and out of your business.
- Determine who should have access to sensitive customer data and limit access to essential personnel only.
- Regularly purge sensitive information, keeping only what you need for your business. Having less information to track and store can ease the burden of data management.
- Dispose of customer data properly. Any documents that contain customer data should be shredded or otherwise destroyed so an identity thief cannot later use them.
- Enact robust security controls. This should involve physical security as well as electronic security. For instance, customer data should be kept in locked cabinets, computers should be equipped with firewalls, and databases should be password protected.
- Make sure everyone is on the same page. It is important to also make security a priority for employees, consultants, and outside vendors.
- Have a plan in place to respond to data breaches before they occur. Careful planning may help reduce the impact these incidents can have on your business and your customers. The strategy should include designating a response team to manage the breach and determining the notification process for customers, business partners, and government bodies.
Finally, if your New York or New Jersey business is concerned about its legal obligations in the event of a data breach, it is imperative to contact an experienced business attorney.