External protection from threats is obviously critical when it comes to cybersecurity. However, as these threats are constantly evolving, ensuring your information governance is effective is another approach to safeguard your data.
In April of 2016, Mossack Fonseca, a law firm in Panama suffered a large data breach resulting from a cyberattack. Known as the Panama Papers, it uncovered the offshore finance information of many billionaires. This resulted in serious investigations which will undoubtedly cause legal consequences for those involved.
Cybersecurity is a concern for every organization, and that concern only continues to grow. In 2016, 4.2 billion records were stolen in a reported 4,149 reported data breaches. Keep in mind, this is just the reported breaches.
When it comes to cybersecurity and regulatory compliance, several factors come into play. First and foremost, the human element is important to consider. Basic best practices such as strong and continually changing passwords and ensuring the security of your wireless networks are essential. Also, creating an overall regulatory compliance plan that is understood by all parties.
A recent article from Lexology points out that many organizations think of cyber security as simply an IT problem. However, it has become clear that the risks involved with data security can effect every business unit. Unfortunately, general counsel is usually involved after a breach in a reactive fashion. The proactive approach that allows general counsel to be a part of the planning and prevention of a cyber security breach will save untold amounts of work and costs.
A recent Federal Court decision may create lasting opinions about how information is governed and brings about additonal risk and compliance issues. The court has decided that P.F. Chang’s cyber insurance policy does not cover expenses from the restaurant’s 2014 privacy breach.
A recent article from Yahoo reveals the potential legal damages from last year's hack of Sony Pictures. According to the article, Sony will be paying somewhere between $5.5 and 8 million to resolve a class action suit from its employees. The personal information of current and former employees was left exposed and many were subject to identity fraud.