|[April 25, 2007]
Scott & Scott LLP Issues Response to Data Security Incident at Neiman Marcus
DALLAS --(Business Wire)-- In response to the discovery of a data security breach by luxury retailer Neiman Marcus, Scott & Scott, LLP (www.scottandscottllp.com), a Dallas-based legal and technology services firm focusing on privacy and network security, reminds businesses that there is no such thing as a completely secure network. Businesses must implement proactive processes and controls to minimize the risks of legal liability and resulting damage to the corporate brand that can be caused by a data security breach.
Although no evidence of misuse of the stolen information has surfaced, security events like the one at Neiman Marcus are prompting consumers to demand that the corporations they do business with take ownership of the inherent responsibility, accountability and liability they assume when they collect customers' and employees' confidential information. Corporations must implement policies and controls to ensure data is safeguarded, financial risks are mitigated, and the corporate reputation is protected.
Every business utilizing electronic data is at risk of a data security breach and should consider the following steps in arming their business against the potential risks.
Recognize All Potential Threats: Individuals employed by a company, whether full-time employees or outside consultants retained for a project, pose one of the largest threats to data security. One-third of all employees steal from their employers, including the theft of corporate information. Employees often have unrestricted access to confidential customer information and easy access to the internet. Transferring data to an outside source, such as an internet e-mail account, is simple even for amateur network predators.
Perhaps even more threatening are employees' inadvertent violations of security policies. An astonishing 75-95% of all corporate e-mail traffic is dangerous. Any employee who opens a personal e-mail at work can potentially download a virus, leaving the network highly vulnerable to data security breaches. Lost or stolen laptops or mobile devices also account for hundreds of thousands of compromised accounts each year.
Minimize Notification Liability With Encryption: To minimize liability, costs, and brand damage associated with a data security breach, Scott & Scott recommends that companies equip every electronic device containing confidential information with desktop security protection, including proper authentication and encryption technology. In addition to safeguarding information, in many states encrypting data eliminates the requirement for companies to alert their customers in the event of a data security breach. Maintaining confidentiality can significantly reduce the risk of potentially catastrophic business and public image implications that are associated with legally required breach notifications.
Implement Crisis Management Controls: Even companies with the most advanced security initiatives in place remain at risk for a security failure. Strategies to protect the enterprise should include proactive steps to review and revise privacy policies, implement stringent security policies and controls, and develop and follow a formal notification and crisis management plan in the event a breach occurs.
Mitigate Financial Risks With Insurance: Scott & Scott strongly recommends companies consider investigating and purchasing insurance coverage for potential corporate security failures to help mitigate the financial risks of a network security breach. Many forward-looking insurance providers have recognized the need for network security insurance coverage and are offering a variety of types, including inside job coverage, service provider coverage, employee claimant coverage, regulatory coverage and third-party handling coverage.
Because nothing is failsafe, even the select businesses that have implemented the most aggressive encryption, firewall and authentication technologies are well advised to consider obtaining data security and privacy insurance to help mitigate the financial risks of a network security breach. Of the estimated 75% of companies that are less prepared, they should strongly consider insurance as a first step to protecting their valuable enterprise.
An expert in privacy and network security, Julie Machal-Fulks represents Scott & Scott's clients on all issues pertaining to network security, software compliance, and audit defense. She has co-authored numerous articles addressing the legal, financial, and regulatory risks associated with network security breaches, including her article entitled "Privacy, Network Security, and the Law," on which she is often asked to present. Julie graduated with honors from Texas A&M - Corpus Christi, earning a B.A. in English. She received her law degree from The University of Houston Law Center, where was a member of the Order of the Barristers and served on the Executive Board of Advocates in 1998, 1999, and 2000. Julie is admitted to practice before all Texas State Courts.
About Scott & Scott LLP
Scott & Scott is a leading national law and technology services firm dedicated to helping senior executives assess and reduce the legal, financial, and regulatory risks associated with information technology issues. An innovative approach to legal services, Scott & Scott believes that collaboration between legal and technology professionals is necessary to solve and defend against the complex problems our clients face, including privacy and network security, IT asset management, software license compliance, and IT transactions. Legal and technology professionals work in tandem to provide full-service representation. By combining these resources, Scott & Scott is better able to serve clients' needs than law firms and technology services firms working independently of one another. Visit us on the web at www.scottandscottllp.com.
[ Back To TMCnet.com's Homepage ]