BUFFALO, NY (August 11) – Lincoln Archives president Bill Palisano responded today to a federal appeals court ruling last week that dramatically changes the landscape of corporate responsibility when it comes to the digital and physical security of personal data. A federal appeals court in Washington, D.C. last week ruled in Attias v. CareFirst that consumers may sue companies that fail to safeguard their personal data.
“Last week’s ruling is a game-changer for all industries that collect and store people’s personal data,” said Palisano. “With a new cyber attack at the top of the headlines seemingly every week, this ruling will likely open up a flood of litigation related to data protection. It is critical that companies protect themselves when it comes to protecting personal information of employees, clients, patients, vendors, etc., as open season for lawsuits has the potential to devastate established brands, and bury small businesses.”
CareFirst, a health insurance company based in Boston, MA, was the victim of a cyber attack in June, 2014, which it disclosed in May 2015, resulting in a breach affecting 1.1 million individuals. As is often the case following large data breaches, a class action lawsuit was filed on behalf of individuals whose data was impacted. However, the district court ruled in 2016 that the plaintiffs could not prove they’d been harmed by the security breach.
On August 1, 2017, the appeals court agreed that the lower court was wrong to dismiss the case, and reinstated the class action lawsuit. The court determined that the risk of identity theft in itself established harm and sufficient standing for the case to proceed.
As president of North Buffalo-based Lincoln Archives, Palisano emphasizes the importance of companies keeping their data secure. Palisano and his team provide tools to help organizations secure themselves, implement processes to be used in the event of an attack, and immediately begin to mitigate problems in the event of a breach – including Lincoln Archives’ new partnership with CSR Professional Services, Inc., and its CSR Readiness® Pro Edition, which guides companies through the rigorous, state-by-state requirements if data is compromised.
“In the event of a breach, you can’t stop anyone from suing you, but you can certainly put yourself in the position to make a strong defense,” said Palisano. “Keeping your systems buttoned up, your processes in place, and your mitigation program well thought out – all of which either one, keep you and your customers, vendors and employees protected, or, two, act as proof that you’re doing whatever you can to protect their data.”
Further information on Lincoln Archives’ new partnership with CSR Professional Services, Inc., and the CSR Readiness® Pro Edition, can be found at: https://lincolnarchives.com/csr.php and https://lincolnarchives.com/csr-faq.php. For more information on Attias v. CareFirst, visit www.csrps.com/Attias-v-CareFirst.