New York Attorney General Report Shows The Number Of Data Breaches Is On The Rise And Recommends Steps To Take For Protecting Against Them

B
BakerHostetler

Contributor

BakerHostetler logo
Recognized as one of the top firms for client service, BakerHostetler is a leading national law firm that helps clients around the world address their most complex and critical business and regulatory issues. With five core national practice groups — Business, Labor and Employment, Intellectual Property, Litigation, and Tax — the firm has more than 970 lawyers located in 14 offices coast to coast. BakerHostetler is widely regarded as having one of the country’s top 10 tax practices, a nationally recognized litigation practice, an award-winning data privacy practice and an industry-leading business practice. The firm is also recognized internationally for its groundbreaking work recovering more than $13 billion in the Madoff Recovery Initiative, representing the SIPA Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC. Visit bakerlaw.com
On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York.
United States Privacy

On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York.  The report titled, "Information Exposed: Historical Examination of Data Security in New York State," analyzes eight years' worth of security breach data collected by the Attorney General and the impact of those breaches upon New Yorkers.  The report finds that the number of security breaches reported to New York has more than tripled between 2006 and 2013.  Additionally, half of the largest breaches have occurred since 2011, with 2013 having the largest number of New Yorkers affected by data breaches.

The leading causes of the data security breaches were also reported by the Attorney General.  The report found that approximately 40 percent of all breaches between 2006 and 2013 were the result of hacking intrusions (third parties gaining unauthorized access to data stored on computers).  Nearly percent of all breaches were the result of lost or stolen equipment or documentation.  And insider wrongdoing, increasing in frequency each year, accounted for approximately 10 percent of all breaches.

The Attorney General also reviewed the number of data security breaches reported by industry.  Retailers were most likely to report three or more breaches between 2006 and 2013.  The report links retailers' susceptibility to attack – particularly restaurant retailers – to retailers' payment systems which have become a favorite target of hackers.  In addition, health care providers were shown to have not only a high incidence of three or more attacks, but also experienced the largest number of personal records exposed between 2006 and 2013.

The data breaches experienced in New York had significant financial consequences, particularly to the organizations involved.  The report estimates that in 2013 alone, breaches cost organizations doing business in New York over $1.37 billion.  These costs include not only costs to investigate the incident, notify affected individuals and expenses related to litigation, but also include indirect economic consequences related to consumer and investor confidence.

In order to better protect themselves from data security breaches, the report recommends that organizations implement the following five practices:

  1. Understand what data your organization has collected, maintained and stored, and review what steps have been taken to ensure security.
  2. Minimize the collection of data, store data for the minimum time that is needed and delete any information no longer needed.
  3. Create a comprehensive information security plan that includes encryption of data.
  4. Implement the information security plan which should include training of employees, communicating with third party vendors and conducting regular audits to ensure compliance.
  5. Offer mitigation services to affected individuals.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More