A Continued Increase in Data Breaches Requires Proactive Privacy Compliance

By Antonia Dumas, Associate at XPAN Law Group LLC 

A data breach equates to data security and privacy compliance targets. The easiest way for regulators or authorities to make a business a target for enforcement is a data breach (see our previous blog post about data breaches bringing you in front of regulatory eye).  A breach automatically highlights a business’ security vulnerabilities and potential non-compliance with security and privacy regulations. A business’ reaction and transparency with consumers about a breach also triggers potential violations of law, including data breach notification laws. 

It is more important than ever to prepare for a potential breach now that some states have strengthened Attorney General data privacy enforcement authority and created data subject rights for consumers to file suits against businesses on their own. (See our recent blog post and video regarding Attorney General enforcement). 

Most recently, AG enforcement in California as of July 1st has been a top concern for businesses (see XPAN’s step-by-step CCPA guide). But it is not just the CA that poses increased risk of AG enforcement and/or consumer lawsuits because other states have passed data privacy laws and/or task forces (e.g., Nevada, Maine, etc.) or have data privacy laws in review (e.g., Maryland, Hawaii, etc.). Note, many other states across the country have introduced data privacy laws as well. 

Big Name Breaches in 2020

A side effect of Covid-19 has been the increased vulnerability of companies to data breaches. A higher risk of data breaches has resulted due to the shift of entire workforces transitioning to a remote work environment and an increase of reliance on tools and applications for business operations and video communication (e.g., Zoom).

Here is a list of some breaches of big name companies and brands which have already occurred in 2020: 

Other 2020 Breaches and Ransomware Attacks 

In 2020 and the era of Covid-19 there has been an increased number of breaches as a result of viruses and phishing (including ransomware attacks).  

Here is a list of some other breaches and ransomware attacks that have affected companies of all sizes: 

Data Security and Privacy Proactive Measures 

In this modern day, it appears that a potential data breach or unauthorized disclosure of personal data is a question of when and not if. So, for all businesses it is important to take steps to prepare for a breach and any resulting enforcement measures or lawsuits.

In general, “cyber distancing” (i.e., keeping distance from potential vulnerabilities – suspicious requests, unknown contacts, unsolicited information, etc.) and proactive measures to prepare for a potential breach or unauthorized disclosure of data is key.  

Key Steps To Prepare Yourself For When You Experience a Breach 

Here are some key steps to prepare for a potential breach and enforcement: 

  1. Take steps to be compliance with potentially applicable data security and data privacy regulations. 
  2. Ensuring your employees are trained and maintain security awareness to meet regulatory training requirements (e.g., CCPA training requirements).
  3. Take steps to protect your systems from a breach and prevent unauthorized disclosure of personal data. 
  4. Be prepared to respond and resolve to a data breach (including data breach response and notification plans).
  5. Get ahead of an investigation from a regulatory authority or a consumer (i.e., data subject) action by taking steps to maintaining compliance.

Our team at XPAN is prepared to help your business to prepare for potential breaches and address cyber and privacy liability.  And, remember, luck favors the prepared!

* * * * * *

Nothing contained in this blog should be construed as creating an attorney-client relationship or providing legal advice of any kind.  If you have a legal issue regarding cybersecurity, domestic or international data privacy, or electronic discovery, you should consult a licensed attorney in your jurisdiction.