The Legal Implications of Data Loss: Real-World Examples and Solutions

A data breach/loss can cover a variety of areas:

  • Personal information
  • Trade secrets
  • Financial information
  • Intellectual property

To name a few.

Data loss has always been around in one form or another but it hit a real, critical mass when information began being shared across the Web. The 80’s and 90’s had their share of high-profile data breaches but recent cyber-attacks and espionage have them pale in comparison.

Data loss happens for a number of reasons:

  • Malicious attacks (personal vendettas or political)
  • Internal disruption (i.e. irate employees)
  • Outdated policies (accidental backups/erasures)
  • Weak security systems (allowing intrusive individuals)

Data breaches happen on a near daily basis; most of which happen on the small scale but sometimes there are major incidents. These smaller incidents can often be quickly handled with remote data recovery to fix broken systems or updating policies and having users change personal login information for good measure.

The major incidents happen to large corporations – many of which we tend to use in our daily lives; these are the incidents where penalties come into play and public outcry reaches a feverous pitch.

Some of the high-profile data breaches include:

  • The Sony Playstation Network which resulted in a breach which exposed 77 million user profiles (potential names, addresses, and credit cards). The hack was massive and met with anger due to the slow response from Sony.
  • The Target breach which exposed nearly 40 million debit and credit cards between Nov 27th and Dec 15th, 2013. Target was struck with a class action lawsuit and force to pay $10mil to affected individuals.
  • The JP Morgan Chase incident exposed personal information (name, addresses, phone, and email) of roughly 76 million records. The attack was as recent as 2014 so it’s still a wonder what will happen to this information.
  • The recent Myspace hack leaked profile information of over 360 million users. The information came during the transitionary period but it’s possible that these user names and passwords are used on different platforms which makes it significant even if Myspace has lost its popularity.

The history of data breaches keep piling up – fairly interesting but also terrifying.

The punishment for companies tend to be rather paltry despite what seems like terrible incidents of data loss:

  • HSBC lost 180,000 client details on finances and were expect to pay £4.5mil
  • Sony reportedly had to pay employees roughly $10,000 a person for identity theft losses
  • Anthem is still processing but has offered 2 years of credit monitoring to those affected
  • TJX was slapped with a $139 million+ lawsuit (fair in this case considering the massive scale)

All of this begs the question: What could one do to protect user information?

When we’re talking about large corporations it can be tricky because we’re talking about enterprise level cyber security. There are teams of individuals keeping information safe though, as noted, there are the occasional cracks. For the average person, however, a basic mix of precautions tend to deter most intrusive individuals.

These basic precautions for cyber security may include:

  • Keeping your antivirus up-to-date and running at regular intervals
  • Using a software firewall (bonus if you also use hardware firewalls)
  • Being vigilant about what files are downloaded to your system
  • Staying aware of common phishing/social engineering techniques and accidental data leaks
  • Rotating passwords on a regular basis
  • Not putting too much information out there to be found

Even a small business that experiences a data breach can be brought to its knees due to legal actions and the loss of customer trust. Try to learn from the large corporations as to how they approach the severity of cyber security and apply that to your business and personal life – you can never be too careful when you’re using the Web.