Data Security, Privacy and Cybercrimes
Turn the tables on cyber risks with smart prevention tactics, effective defenses and swift responses.
To keep pace with the rate of change associated with the digital world, you need out-of-the-box thinking that results in creative solutions.
The concept of privacy has been recognized in the law since the late-1800s, but make no mistake about it – in the last 10 years few areas of the law have evolved so rapidly and drastically.
Today, businesses face significant challenges in protecting personal information and other sensitive data from the wrong hands. Data breaches are now an unfortunate reality for any business that collects, stores, or uses sensitive information, not just mega corporations like Target, Sony, and Home Depot. The question has become not if a data breach will occur, but when.
The potential impacts of privacy and security breaches, whether done electronically or the old-fashioned way, are far reaching. Business interruptions – including the time and hassle incurred to investigate and deal with a breach, and the lost use of information and systems – are inevitable and unavoidable. So, too, are the losses: lost customers, lost reputation, lost goodwill, lost customer confidence. The total costs of a data breach, estimated at more than $200 per compromised record, can be crippling. Additionally, regulatory enforcement actions and lawsuits could be waiting in the wings.
The Front End: Getting Ahead of the Game
The best way to deal with the problems posed by a data breach is not to have one. But 100% prevention is an unrealistic goal, especially given the prevalence (and, in many cases, sophistication) of potential wrongdoers, the wide and ever-growing variety of exploits, and the sheer volumes of data managed by today’s businesses. For that reason, tackling data breaches from the “front end” – through thoughtful preparation before a breach even occurs – is critical.
DRM can work with your business on all aspects of the preparation, including helping you to:
- identify and set up internal and external data security teams;
- assess potential risks through auditing of data usage and practices;
- gauge compliance with applicable statutory and regulatory privacy requirements, such as those under HIPAA;
- develop security plans and procedures;
- review agreements with third-party vendors who have access to data;
- analyze insurance coverage and related issues.
The Back End: Dealing with Potential Disaster
Even with good preparation and practices, data breaches can still occur. If a breach does happen, it is critical for a business to act quickly to mobilize its data security teams; identify, contain, and investigate the breach; timely notify all applicable parties about the breach where required; repair and minimize damage; respond to any regulatory and legal actions; address critical public relations matters; and place insurance carriers on notice.
As a member of your data security team, DRM can help your business manage these challenges, weather the storm, and get back to business-as-usual.
Legal Ingenuity in Cyberspace
Our team – which includes both legal and IT professionals – is equipped to counsel clients in preventative areas such as identifying their privacy and security risks, as well as the controls they have in place to manage these risks. We can also assist clients in taking appropriate actions in the unfortunate event of a breach, and in responding to claims of alleged injury by affected parties.
We have handled a number of cases involving federal and state computer crime laws. In some instances merely accessing a computer without permission can create a violation. Other, more serious cases concern the theft or deletion of data. Most often these cases arise in the employer-employee context, but they can just as easily happen between businesses and their customers or their competitors.
Downs Rachlin's Privacy, Data and Cybercrimes Litigation Team has been on the leading edge of the legal landscape changes that have occurred over the past decade. Here are some examples:
- Obtained a favorable settlement for high-tech software firm against a former employee who accessed the company’s software control system despite no longer being employed there.
- Advised an auto dealership in a situation where a customer loan file appeared to have gone missing.
- Represented a business in a lawsuit against former employees who accessed the company’s computers, downloaded and deleted various files, installed spyware, and intercepted electronic communications.
- Counseled an individual who was the subject of a slew of on-line blog postings discussing sensitive private information.
- Assisted a large construction company in pursuing claims against a former project manager-turned-competitor who copied and deleted files from his company laptops.
- Successfully obtained a DMCA “take-down” of a website that disparaged the website of a campground.
- Counseled a leading website development company regarding a former employee who accessed the company’s computer system, deleted valuable data, and created unauthorized web links.
- Delivered numerous presentations and articles on issues involving privacy, data security, and cybercrimes.