Don’t be the next Target
Don’t be the next Target
OK, that last paragraph sounded like it’s just another pitch for work here at our office. But, there’s a real reason for it. As reported by the Wall Street Journal on March 31, 2013, the importance of outside counsel in these situations is huge.
If, for example, a hacked company sent an e-mail to their outside security firm when the hack was discovered and said “Help! Joe’s cell phone was stolen yesterday. It wasn’t encrypted, and now we’ve been hacked!” that e-mail would be discoverable in the subsequent litigation with customers. If, however, that same e-mail went to outside counsel, who then contacted the outside security company, that communication would be protected by attorney/client privilege. This is a subtle but potentially costly difference.
Other steps to take include: (1) make sure that your users have encrypted units and use double authentication; (2) discourage the use of free hotspots; and (3) educate your users on phishing and similar types of attacks. You also need to remember that you have to be worried about your entire supply chain. Do you use the cloud? All of these are areas of potential hacks and loss.
In closing, here are some miscellaneous items of note:
· When a business is destroying records that contain PII, it must take reasonable steps to protect against unauthorized access to or use of the PII, and such destruction must be conducted in such a manner so that PII “cannot practically be read or reconstructed.”
· If a business uses a non-affiliated third party to perform services and discloses personal information to the third party, the contract must require the third party to implement and maintain reasonable security procedures.
· Regarding liability, actual harm to consumers is not required under some statutes.
We will be discussing these and other cyber threat issues during a pair of sessions at the IWCE trade show, which will be conducted during the last full week of March in Las Vegas. We hope to see you there!
Alan Tilles is a partner at Shulman Rogers and counsel to hundreds of entities in the wireless industry. E-mail: [email protected] Twitter: @landmobilelaw