Tuesday, October 27, 2009

Data Secutiy Laps Costs ChoicePoint $275,000 in Fines

In a further sign that the Federal Trade Commission ("FTC") is increasingly serious about regulation and enforcement of data privacy and data security regulations, ChoicePoint was fined $275,000 for a data breach that exposed the personal information of over 13,000 people.

According to a report by the Atlanta Business Chronical, the data breach occurred as a result of ChoicePoint failing to detect that it had deactivated a key security tool used to monitor access to one of its databases.

See the full Atlanta Business Chronical article: http://atlanta.bizjournals.com/atlanta/stories/2009/10/26/daily1.html

While traditionally regulation of data privacy and data security has been applicable to only key industries such as the financial, medical, and legal industries, more and more new regulations are coming into existence on both state and federal levels to draw in more and more businesses in widely varying industries. It is anticipated that new regulation could soon cover any business which accept credit cards for payment for goods and services, subjecting them to stringent data security requirements.

Given the rapidly changing regulatory landscape, it is becoming increasingly important for businesses of all sizes and types to carefully examine the data they handle and/or retain and come up with effective plans to deal with this data from not only a technology standpoint, but also from a legal and business-decision-making standpoint.

As always, an ounce of prevention....

 If you have questions, comments, or general thoughts on the implications and impact of data security and data privacy on businesses, feel free to chime in!

Friday, October 16, 2009

Data Security and Privacy Issues

It is becoming increasingly clear that data security and privacy-related issues will become a matter of concern for more and more businesses, as the states and federal government alike have begun to pass more and more laws and regulations regarding the handling of their clients' and customers' personal information.

States such as Massachusetts and Nevada are leading the charge by extending their laws and regulations regarding the handling of "personally identifiable information" to companies that handle the information of their citizens, even if the company is not located or  even does business within their borders.

Likewise the Federal Trade Commission is implementing more and more regulations and guidelines which will impact businesses in many different fields, ranging from financial institutions to retail stores, which will place very specific requirements on how companies must handle and protect their customers' data.

Businesses of all sizes need to be aware of these developing regulations and have a full understanding of how they may impact the way companies do business. More to the point, business of all types need to identify what sort of new and perhaps unexpected liabilities may now confront them in this changing, information-driven economy in which we now live.

Now more than ever, an ounce of prevention is worth a pound of cure.

Thursday, October 15, 2009

Georgia Technology Law Institute today

Today is the 24th annual Technology Law Institute, sponsored by the Georgia Bar Association. We are participating in this event to gain new tools to enable our clients to better navigate the myriad of legal implications which our information economy is creating for businesses of all type. We are looking forward to bringing some of these new tools and perspectives to bear to give BC&S' clients one more "leg up" in our current, challenging business environment!