September 23, 2020

Volume X, Number 267

September 23, 2020

Subscribe to Latest Legal News and Analysis

September 22, 2020

Subscribe to Latest Legal News and Analysis

September 21, 2020

Subscribe to Latest Legal News and Analysis

Protecting the Individual from Data Breach

Major databreaches make the news. TJ Maxx, Barnes & Noble, and Sony all had high profile breaches. In such large scale breaches, there is a flaw that is easily exploited on a grand scale. The individual hack is rarely reported and easily overlooked.

In a follow-up to his experience, he published a piece recently, outlining why passwords cannot keep users safe. A few of the more salient points are: 1) as computing power increases, brute force attacks can become more successful; 2) users use the same logins for multiple systems; 3) answers to security questions can be easily found; and 4) convenience is a trade-off for security. If one were to follow the prevailing wisdom, each person would have to memorize 16 digit, non-dictionary, randomly generated passwords for the dozens of online accounts held, without storing those passwords anywhere. This is nearly impossible and hence systems put in place password reset mechanisms that are themselves vulnerable.

Online businesses should take a closer look at how they protect their individual clients and what information is revealed in the event a third-party gains access that could be used to disguise themselves as the client to another provider. Failure to do so may subject them to a cyberliability claim. 

© 2020 by Raymond Law Group LLC.National Law Review, Volume III, Number 14


About this Author

Massachusetts has the most comprehensive data protection rules regarding businesses in the country. Your business must comply with these rules and have a written information security program (WISP)_. Failure to do so can result in prosecution and civil liability.

At Raymond Law Group LLC, we offer compliance counseling for businesses to safeguard them from future data loss and privacy issues. We can assist you in developing your WISP or security and privacy plan. Our attorneys also represent businesses and individuals who have violated privacy laws. Regardless of your company's...