Location Of Theft in AQUA BLUE
URL Of Linked Article In STEEL BLUE or GREEN
Full Content Of Article In BLACK
Theft Description In Body Of Article in RED

Thursday, February 23, 2012


Secure your desktop computers

February 23, 2012
Ann Geyer, Chief Privacy & Information Risk Officer
Computer theft is one of the top three causes of data breach. We recently wrote about how to protect laptops from theft. It's time to focus attention on desktop computer security as well.
Desktop computers that store personally identifiable information that is confidential in nature should be kept in locked locations. If the computer is located in a work cube, then it should have a cable lock. If in an office, then the office should be locked when not occupied. The more data that is stored on the computer, the greater the importance of physical security measures. Secondly, the data itself should be encrypted. Locks and encryption software are cheap compared to the legal costs to defend against data breach lawsuits, the costs of officially notifying individuals, and the disruption to routine operations.

Computer theft leads to claim for $944 million

It used to be that when a thief stole property, the property owner was treated as the victim. Not so any longer based on the recent lawsuit filed against Sutter Health. Last year, Sutter was the victim of a burglary. The thief broke into an administrative office and stole a desktop computer. Unfortunately for Sutter, the computer contained unencrypted medical record data. Complying with the California Breach Notification Law, Sutter notified the affected individuals. The very same day, lawyers filed suit against Sutter in what is now being referred to as a "Zero Day" security breach lawsuit. More than a dozen related legal complaints followed in quick succession.
The initial complaint seeks damages under the California Confidentiality of Medical Information Act. This law includes a provision for statutory damages of $1000 to any individual whose medical information has been breached. The complaint claims that more than 944,000 individual records were maintained on the stolen computer, putting Sutter Health in the position of having to pay out almost a $1 billion in damages. Realistically, the case will likely settle for a much lower amount; nonetheless the potential value of data breach legal cases is rising dramatically.
The California $1000 statutory damage amount has worked its way into the Massachusetts legal system as well. In a recent data breach occurring in the retail industry, the resultant lawsuit cited California's $1000 damage level as setting the benchmark for any breach of personal information. This case is still pending, but if successful may well set a precedent for subsequent breach claims.

No comments: