In a recent interview, California Attorney General Kamala D. Harris quoted the following statistics from her “California Data Breach Report,” published in October:

  • In 2013, there were more than 167 data breaches reported in California. This represents an increase of 28% from the 131 data breaches reported in 2012.
  • The majority of these breaches involved malware and hacking. While a minority of the breaches resulted from the physical loss of a device.
  • The retail industry was the biggest target for hackers with financial institutions running a close second.
  • Social Security numbers were the most frequently compromised piece of personal information.

The Report also includes the following recommendations for data storage:

  • Update point-of-sale terminals and necessary software to include chip-enabled technology.
  • Encrypt payment card data in order to make information less valuable to hackers.
  • Respond promptly to data breaches and notify affected individuals in the most expedient time possible.

This Report and the Attorney General’s comments are further evidence that companies may face liability if they have a data breach while using an antiquated storage system. While the costs to protect private information may be difficult to initially justify to a company’s bottom line, we are fast approaching a time where it may be more expensive to use an old, insecure data storage system in the long run. A number of states are already considering legislation which will make new safeguards mandatory. Moreover, companies may face additional liability if a data breach occurs at a point when a company has failed to make basic upgrades to its system.