Businesses Fail to Guard Against and Respond to Data Security Breaches at their Peril
CALL: 800-596-6176
HOME CONTACT US SITE MAP

Recent

Posts
Subscribe to this blog
RSS Feed

Privacy & Security Blog
Businesses Fail to Guard Against and Respond to Data Security Breaches at their Peril

Julie_Machal_FulksA complaint filed in the U.S. District Court for the Eastern District of Missouri is a reminder of the importance of implementing a thorough system of procedures and protocols regarding data security and responses to security breaches.

Pharmacy benefits manager Express Scripts is facing a class-action lawsuit filed by an Express Scripts member who alleges that the company failed to use effective measures to protect the secrecy of its members’ confidential information and that it also failed to give reasonable notice of a security breach potentially affecting millions of those members. The complaint alleges that Express Scripts received an extortion demand in October 2008 indicating that an unauthorized third party had gained access to members’ personal data and that some individual members also had received similar threats. The complaint further alleges that Express Scripts failed, in the months following the breach, to send any notifications to its members other than vague statements posted on its website in November.

Currently, businesses with nation-wide operations face a patchwork quilt of federal and state laws regarding both steps required to safeguard personal data as well as steps to be taken in the event of a breach. With regard specifically to post-breach notifications, 44 states, the District of Columbia, Puerto Rico and the Virgin Islands all have enacted their own legislation requiring notification of security breaches involving personal information. Therefore, for large enterprises such as Express Scripts, which is also  subject to complex federal rules such as HIPAA, data security planning can be a daunting undertaking.

However, businesses choosing or needing to retain potentially sensitive customer information nevertheless must make appropriate plans. The alternative, as Express Scripts may learn, entails negative publicity as a result of the initial breach, compounded by negative publicity as a result of an inadequate response. That kind of reputational damage can be difficult and costly to repair, especially if or when attorney’s fees and civil damages enter the equation.

All businesses, large and small, that handle confidential customer information must consult with knowledgeable counsel to ensure that they are protecting against and prepared for data security breaches.

Posted by Marketing Department at 07/27/2009 04:35:18 PM | 

Other

Blogs

Upcoming

Events
Attorney Advertising Notice