A commercial litigator and member of the privacy and data security group of Osborn Maledon, William Furnish discusses trends and projections from 2018 and the the 2019 regulatory landscape.
There is no perfect security system and data breaches are inevitable. Businesses are under increasing pressure from a patchwork of laws that impose inconsistent requirements on how data is handled and when and how to report data breaches to regulators and consumers. Failure to comply can result in stiff fines, agency investigations and private lawsuits.
Trends and projections from 2018
- Hundreds of millions of consumers had personal data compromised in data breaches over the last 18 months, including breaches of Equifax, Google+, Facebook, Starwood Group and Exactis. The Starwood Group breach alone impacted an estimated 500 million customers.
- Business partners are also a vulnerability as demonstrated by allegations Super Micro Computer, Inc. had supplied compromised motherboards to numerous U.S. companies. Symantec noted that that there was a 78% increase in supply chain attacks in 2018, which demonstrates the need to evaluate risk across the supply chain.
The 2019 regulatory landscape
Arizona enacted a comprehensive data breach notification law that is triggered by an incident involving “unencrypted and unredacted” information. It requires prompt investigation and notification within 45 days of the incident, including notification to regulators as well as affected individuals, unless an independent audit determines there is no substantial economic loss. There are penalties: “knowing and willful” violations of the data breach reporting requirements may result in fines of up to $500,000.
However, Congress has only begun exploring a comprehensive set of national regulations governing data privacy. At the federal level, cybersecurity is nominally centralized in the newly-created Cybersecurity and Infrastructure Security Agency with other federal agencies, including the FTC and SEC, also having limited oversight into some cybersecurity. As a result, state governments continue to drive the debate and enactment of cybersecurity legislation.
To read the article in its entirety published in the Phoenix Business Journal, visit online here.
William Furnish is an associate in the firm’s litigation practice group, focusing on professional liability, complex commercial litigation, and privacy and data security matters. William has a track record of success representing clients in both state and federal court, arbitration, mediation and administrative proceedings. Contact him at 602-640-9341, wfurnish@omlaw.com.