Tag Archives: consumer privacy

Employers Have a Legal Duty to Protect Employee Data

The cybersecurity standard of care is getting clearer: if you collect sensitive data, you must take reasonable measures to protect it.

Recently, in Dittman v. UPMC, the Pennsylvania Supreme Court ruled that an employer has a common law duty to use reasonable care to safeguard its employees’ personal information stored on an internet-accessible computer. This decision paves the way for a much broader application because the case was decided based on the mere act of collecting and storing sensitive information (and not the employer/employee context).

The Facts

The case relates to a data breach of the University of Pittsburgh Medical Center’s (UPMC) network and the theft of sensitive personal information belonging to more than 60,000 employees (e.g., Social Security numbers, confidential tax information, and bank account information). The employees sued but lost in the trial court, which held that Pennsylvania law did not recognize a duty to secure employee data stored on internet-accessible computers. Continue reading Employers Have a Legal Duty to Protect Employee Data

Survey Shows Data Breaches Lead to Poor Customer Retention

Data breaches are a common occurrence, with organizations large and small falling victim to online attackers. The impact of a data breach is not just the economic loss of data; a breach also leads to the loss of customer loyalty as well.

Ping Identity recently released the results of its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era, unveiling consumer sentiments and behaviors toward security and brands impacted by data breaches.

Survey Results

The collected data highlights the importance of protecting customer data, with the survey finding that 78 percent of respondents would stop engaging with a brand online after a data breach. Continue reading Survey Shows Data Breaches Lead to Poor Customer Retention

Dissecting 2018’s Mid-Year Data Breach Statistics

After the first six months of 2018, 4.5 billion data records have already been compromised according to a recent report. Data breaches have affected businesses large and small, from Adidas (two million records compromised) to Facebook (up to two billion accounts affected) to municipal airports and accounting firms, and 2018 has already seen more than its fair share of massive global data breaches.

The Gemalto Report

Digital security specialist Gemalto revealed in a new report that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018.

Although the total number of breaches were down from the same period the year before, the number of records compromised were up over 130 percent as the severity of individual incidents increased. Continue reading Dissecting 2018’s Mid-Year Data Breach Statistics

New Jersey Continues Push for Shopper Privacy Law

The New Jersey Senate approved a bill – Personal Information and Privacy Protection Act – to increase the privacy protections for New Jersey shoppers. The bill limits a retailer’s ability to collect and use personal data from a consumer’s identification card.

A retailer can scan an identification card only for the following purposes:

  • To verify the authenticity of the ID card or the identity of the person paying,
  • To verify the person’s age when providing age-restricted goods or services,
  • To prevent fraud if the person returns an item or requests a refund,
  • To establish or maintain a contractual relationship,
  • To record, retain, or transmit information required by state or federal law, or
  • To transmit information as permitted by FCRA, GLBA or HIPAA.

The bill also limits the types of information scanned to name, address, date of birth, the state issuing the identification card, and the identification card number.

Other noteworthy provisions include:

  • Limitations on retaining the relevant information,
  • Data security requirements,
  • The state’s data breach notification requirements, and
  • Restrictions on selling the relevant information.

The next step for the bill is to be approved by the New Jersey Assembly.