In a further sign that the Federal Trade Commission ("FTC") is increasingly serious about regulation and enforcement of data privacy and data security regulations, ChoicePoint was fined $275,000 for a data breach that exposed the personal information of over 13,000 people.
According to a report by the Atlanta Business Chronical, the data breach occurred as a result of ChoicePoint failing to detect that it had deactivated a key security tool used to monitor access to one of its databases.
See the full Atlanta Business Chronical article: http://atlanta.bizjournals.com/atlanta/stories/2009/10/26/daily1.html
While traditionally regulation of data privacy and data security has been applicable to only key industries such as the financial, medical, and legal industries, more and more new regulations are coming into existence on both state and federal levels to draw in more and more businesses in widely varying industries. It is anticipated that new regulation could soon cover any business which accept credit cards for payment for goods and services, subjecting them to stringent data security requirements.
Given the rapidly changing regulatory landscape, it is becoming increasingly important for businesses of all sizes and types to carefully examine the data they handle and/or retain and come up with effective plans to deal with this data from not only a technology standpoint, but also from a legal and business-decision-making standpoint.
As always, an ounce of prevention....
If you have questions, comments, or general thoughts on the implications and impact of data security and data privacy on businesses, feel free to chime in!