Text Size   Decrease Font SizeIncrease Font Size
static_slide_interior

Learning from the Target Data Breach

PDF Print
Privacy, Data Protection and Security
Sunday, 30 March 2014 16:09

By Arthur Freyre

At the height of last year’s Christmas shopping season, Target reported that some 40 million credit and debit cards were exposed to a possible data breach. The resulting breach led to fraudulent transactions and unprecedented customer data exposure. The U.S. Senate Commerce Committee launched an investigation aimed at understanding the breach and they released the results of this inquiry last week.

The Senate's findings can be summarized in two points: (1) Target allowed a vendor access to its network without proper due diligence and (2) Target failed to act on their own data security systems’ alerts. Target’s systems were compromised as a result of a vendor’s access to their network. Simply put, the small business did not have the proper security program to protect itself from hacking and was ultimately exploited in efforts to breach Target.

Unfortunately, the hacks, coupled with Target’s failure to follow through on its own data security system, were not acted on until the Department of Justice notified them of the breach. The technology revolution has changed the world, as it has retail as we know it. Information formerly stored in secure warehouses is now somewhere in the ether, forcing small and large businesses to begin to think about how to protect their information and ultimately their reputations from hackers.

In short, Good privacy is good business. Good privacy practices are a key part of corporate governance and accountability. One of today’s key business imperatives is maintaining the privacy of personal information.

As business systems and processes become increasingly complex and sophisticated, organizations are collecting growing amounts of personal information. As a result, personal information is vulnerable to a variety of risks, including loss, misuse, unauthorized access, and unauthorized disclosure. Those vulnerabilities raise concerns for organizations, governments, and the public in general.

Organizations are trying to strike a balance between the proper collection and use of their customers’ personal information. Governments are trying to protect the public interest and, at the same time, manage their cache of personal information gathered from citizens.

Consumers are very concerned about their personal information, and many believe they have lost control of it. Furthermore, the public has a significant concern about identity theft and inappropriate access to personal information, especially financial and medical records, and information about children.

Individuals expect their privacy to be respected and their personal information to be protected by the organizations with which they do business. They are no longer willing to overlook an organization’s failure to protect their privacy. Therefore, all businesses need to effectively address privacy as a risk management issue.

 

Social Media

Twitter2Facebook2LinkedIn2 YouTube Icon 

Newsletter Sign-Up

Fill out my online form.

ViewOureNewsletter

Recent News

The Daily Star: Zakka Takes Case to UN Human Rights Commission

The family of U.S. Legal Permanent Resident and Internet Freedom Advocate Nizar Zakka, who is currently imprisoned in Tehran, hav... [More]

Heartbreaking Stories Emerge as Embassy Mystery Halts Trips From Cuba to Tampa

In response to the health attacks on American Diplomats in Cuba, six weeks ago, the U.S. Embassy in Havana ceased issuing visas t... [More]

©2016 PobleteTamargo LLP
Disclaimer
Attorney Website by The Modern Firm