It was bound to happen. Angry consumers whose information gets stolen from companies who are supposed to protect it are going to rise up and start suing those companies for not protecting their information. That’s what’s happening in the U.S. now after this year’s massive Equifax breach.

30 Lawsuits So Far

So far, it is being reported that Equifax is facing as many as 30 lawsuits. That figure could grow considering 143 million Americans were affected in the breach.

According to Bloomberg.com in the first of many complaints, which was filed in Portland, Ore., federal court, “users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.” (https://www.bloomberg.com/news/articles/2017-09-08/equifax-sued-over-massive-hack-in-multibillion-dollar-lawsuit)

Europe Has GDPR To Protect Information

In Europe, the General Data Protection Regulation (GDPR) has been established to protect the information of all individuals in the EU. Every business that does business with anyone who lives in the EU must comply with the new regulation. The deadline for compliance is May 2018.

I would imagine that Equifax holds sensitive information of people who live in the EU, since it was reported that several million people in the UK were also compromised in the breach. So, skimping on cyber security measures was not in their best interest.

While Equifax chose to “save” money, they in fact are suffering untold losses in addition to being hit with dozens of lawsuits. Many companies may choose to take the same route when it comes to cyber security. However for many companies the Equifax disaster will serve as an example of what not to do.

Are You In Compliance With GDPR

This is no time to skimp on cyber security. As the GDPR deadline quickly approaches, the need for GDPR is becoming clearer each day, with each breach of privacy. I’m providing an edited review of some of the reasons for the widespread regulation designed to help individuals as well as the companies that serve them.

Rules fit for innovation: the regulation will guarantee that data protection safeguards are built into products and services from the earliest stage of development (Data protection by design). Privacy-friendly techniques such as pseudonymisation will be encouraged, to reap the benefits of big data innovation while protecting privacy.

Benefits for big and small alike

The data protection reform will stimulate economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). The EU’s data protection reform will help SMEs break into new markets. Under the new rules, SMEs will benefit from four reductions in red tape:

No more notifications: Notifications to supervisory authorities are a formality that represents a cost for business of €130 million every year. The reform will scrap these entirely.

Every penny counts: Where requests to access data are manifestly unfounded or excessive, SMEs will be able to charge a fee for providing access.

Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.

Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a high risk.

Stronger rules: By updating the current Directive with a directly applicable Regulation, all people and businesses in the EU will enjoy the same level of protection for their electronic communications. Businesses will also benefit from one single set of rules across the EU.

(http://europa.eu/rapid/press-release_IP-15-6321_en.htm)

VORAS Consulting works with companies, government agencies and businesses of all sizes. Become compliant with the new privacy protection requirements. Schedule a consultation today and make sure you are in compliance prior to the May, 2018 deadline.

 

 

Leave a Reply