In a recent interview [1], California Attorney General Kamala D. Harris quoted the following statistics from her “California Data Breach Report [2],” published in October:
- In 2013, there were more than 167 data breaches reported in California. This represents an increase of 28% from the 131 data breaches reported in 2012.
- The majority of these breaches involved malware and hacking. While a minority of the breaches resulted from the physical loss of a device.
- The retail industry was the biggest target for hackers with financial institutions running a close second.
- Social Security numbers were the most frequently compromised piece of personal information.
The Report [2] also includes the following recommendations for data storage:
- Update point-of-sale terminals and necessary software to include chip-enabled technology.
- Encrypt payment card data in order to make information less valuable to hackers.
- Respond promptly to data breaches and notify affected individuals in the most expedient time possible.
This Report [2] and the Attorney General’s comments are further evidence that companies may face liability if they have a data breach while using an antiquated storage system. While the costs to protect private information may be difficult to initially justify to a company’s bottom line, we are fast approaching a time where it may be more expensive to use an old, insecure data storage system in the long run. A number of states are already considering legislation which will make new safeguards mandatory. Moreover, companies may face additional liability if a data breach occurs at a point when a company has failed to make basic upgrades to its system.