Employers have long complained about lost productivity because their employees surf the net and check personal e-mail, wasting productivity time and money.

There are now bigger worries computer worries for companies - data security breaches.

Doubled?!

Data breaches have doubled in the last year, costing companies millions of dollars. A study conducted by the Ponemon Institute found the cost of each breach averaged $215. This is 40% more than breaches caused by negligence and 30% more than breaches due to other reasons.

Comparing data to prior years, analysts estimate the situation is only getting worse. Information continues to end up in the wrong hands as employees continuously use e-mail, instant messaging, laptops and blackberries, causing security breaks.

What's a Data Breach?

A breach occurs when an unauthorized person accesses private information, either intentionally or unintentionally. The term usually refers to electronic breaches where data on computers, servers or discs fall into the wrong hands. However, hard copies of data, such as printed materials, can also be seen by the wrong person.

These breaches are a serious security concern for organizations ranging from universities to government intelligence agencies.

Sometimes, a data breach occurs by negligence or mishandling. For example, someone steals information from a laptop lost by an employee. Most companies use passwords and other safety measures to protect themselves from such situations.

Data breaches can also occur on purpose as a result of a deliberate theft by someone who wants to access the information. A breach can range from a minor embarrassment to a national security threat depending on the data stolen.

Typically, data breaches involve stealing personal information to commit identity theft. Others may breach a company’s security system to get access to trade secrets or patents - in other words, corporate espionage.

A larger threat would be if someone tried to log on to classified networks to get national security documents. These documents range from detailed architectural plans of sensitive locations to government codes.

What Happens When There Is a Data Breach?

Most states have laws requiring companies to immediately tell customers in writing about a data breach. In some states such as California, you may be able to sue if your information is compromised.

If you receive a breach notification letter, here are some tips:

  • Find out more information. Call the hotline in the letter and ask exactly what information has been compromised, how long ago, and the steps the company has taken to control damage
  • If just your credit-card number has been exposed, close the account and order a new card
  • If your Social Security number has been exposed. Place a fraud alert on your credit reports with each credit bureau. It’s also smart to check your credit report every few months to make sure no fraudulent accounts have been opened in your name

Personal Data Breaches and Stealing Wi-Fi

Even if you aren't using a work network or notified of a data breach affecting you, you may face other issues relating to technology in your home. There are legal and security issues of your own if you access the internet using your neighbors' or a cafés connection. Some unauthorized users have been sued.

Besides the moral and legal implications of theft, using Wi-Fi legally comes with its own risks. The majority of Wi-Fi data is unencrypted and accessed by anyone. Anyone with a Wi-Fi equipped laptop can download free monitoring programs to show what you're doing on the internet. They could also steal your personal information.

As technology plays an increasing role in our lives, it's important to remember the dangers that come with it. Be aware of the information that you’re giving out and make sure the site and connection is secure.

Famous Data Breaches

There have been many breaches, and the numbers keep growing. Among the most publicized were:

  • In January 2009, Heartland Payment Systems announced it was the victim of a security breach. The intrusion was called the largest criminal breach of card data ever. It affected up to 100 million cards from more than 650 financial service companies
  • In January 2008, GE Money disclosed that a magnetic tape containing 150,000 social security numbers and credit card information from 650,000 retail customers was missing Horizon Blue Cross and Blue Shield of New Jersey disclosed a data breach affecting at least 300,000 members
  • In 2007, TJ Maxx reported that data for 45 million credit and debit accounts was breached
  • In 2007 The Gap disclosed that information for 800,000 job applicants was stolen

Questions for Your Attorney

  • Personal information linked to my child's account with a financial services company may have been breached. The company isn't offering credit monitoring as it does when adults' account information is breached. What can I do?
  • Are there both state and federal laws regulating how companies must safeguard personal information?
  • What are the laws on personal information disposal for old or closed accounts, anything from retail accounts to insurance information? What can I do if these records types lead to identity theft? Who answers for it?

Tagged as: Communications and Media, Privacy Law, internet issues, data breaches, privacy law lawyer