In the past few days across the electronic spectrum, we’ve seen data thefts involving a university, a bank, and a few US agencies. We have also seen employees from an internet provider leak out sensitive search engine query information concerning the search habits of its customers. A variety of problems have occurred with the protection of sensitive information leaving consumers in a worse position for doing business with the university, bank or United States Government agencies. Thieves have stolen laptop computers and employees have mistakenly exposed personal information to cyberspace. In each and every one of these recent cases, like several others, a corporation or agency failed to take reasonable steps to protect sensitive information. Laptop checkout policies, and password protection alone could have minimized risk of identity theft. Limitations on the rights of employees to access personal data could also have provided some protection. Moreover, data encryption under the right circumstances, could have provided protection. Such protections apparently have been non-existent for numerous corporations and government agencies. When will corporate America and our government learn about and prioritize the need for data protection?
In my opinion, corporations need to face litigation risks and costs to force a re-examination of priorities and an emphasis on data security. Based upon all the headlines I see regularly, corporations have not emphasized data protection. In fact, one recent survey suggested that corporate America believes that data theft simply cannot be stopped. These results are staggering and show a corporate culture accepting of data theft. Apparently, believing that thefts will always occur no matter what protections are in place, some corporations suggest they have no obligation to protect data. However, the fact that thefts occur does not excuse a lack of reasonable protection to make data theft difficult. Otherwise banks, believing that bank robberies were inevitable, would never have vaults in banking centers. Stores, believing that burglaries were inevitable, would never have locks or burglar alarms .
Corporations should lock down confidential information and make it difficult to mis-appropriate data in much the same way as they require door locks and money vaults. Creating laptop usage policies, encryption, and password protection are some ways to play a reasonably priced and important role in preventing electronic thefts. I believe that failure to take some or all of these steps to secure confidential information is tantamount to an admission of liability. The consumer has one tool to force a change in this corporate culture of inaction. The tool involves the use of litigation to force an attitude adjustment. Consumers can force such a corporate attitude adjustment by filing suit whenever they suspect that their identity has been compromised as a result of slack corporate technology security. If you believe you have been victimized as a result of lax corporate security, consider your legal options not only to protect yourself but also to force a change in future corporate behavior.