Data Security: The Time Is Now

• Posted by Geoffrey G. Gussis on August 2nd, 2005


• Filed in IT/Software/Internet, Risk Management & Compliance

A recent article by Morrison and Foerster LLP highlights why companies should be paying close attention to data security issues:

"*At least 13 states have passed new laws that require businesses to notify customers when personal information is compromised, and at least 22 other states are considering such laws. Several bills are pending in Congress that would impose similar duties on a nationwide basis.

* New Federal Trade Commission ("FTC") rules on proper disposal of customer information took effect on June 1, 2005. The FTC wants to prove that it is serious about enforcing those rules. One or more unfortunate companies will help the FTC prove its point.

* In a complaint against BJ’s Wholesale Club, Inc., the FTC for the first time brought a data security enforcement action against a company that had not promised to protect customers’ information. This action, and a lawsuit by the Ohio Attorney General against DSW, Inc., open an era in which companies that say nothing about their data security are as vulnerable as those that do.

* The media have discovered data insecurity with a vengeance. On
June 15, The Wall Street Journal reported that losses of information,
once publicized, reduce the stock prices of the affected companies for
an appreciable time. On June 30, The Washington Post called for
stricter enforcement of information security laws. On July 4, Newsweek
put "The Scary New World of Identity Theft" on its cover. These print
media reports have been supplemented by innumerable "ID theft" features
on local and network television.

* Spectacular and well-publicized data security incidents have
kept the issue in the spotlight. ChoicePoint and other companies have
suffered data breach incidents that potentially affect tens of millions
of customers. At least 50 such incidents are known to have occurred
since February of this year, with as many as 50 million consumers
compromised.

* On July 5, 2005, an amended class action complaint was filed
against CardSystems Solutions, Inc., Merrick Bank Corporation, VISA and
MasterCard for alleged violations of law in connection with the
compromise of the account information of approximately 40 million
credit card holders. If successful, this action will encourage the
filing of similar suits against any company that suffers a loss of
customers’ personal information.

* The FTC has asked Congress for new, tougher laws to punish
companies that lose customer information. The Congress that returns
from the summer recess will have read the press and heard from their
constituents, and they will be inclined to give the FTC what it wants."   

Consider forwarding this link to your CIO and MIS departments.  Link: Morrison
& Foerster LLP - United States - Data Security: The Time Is Now
(19/07/2005) from Mondaq (free registration required).