As we discussed in the Privacy Class Action Claims on the Rise post from December 17, 2014, the number of privacy class action claims is trending upwards, along with all things privacy-related.  Some of the breaches and other big media stories could have been avoided, while others were unavoidable for the businesses at issue.  Either way, though, businesses are now on notice that they have precious data, data that customers care about and that hackers want.  So what’s a responsible business supposed to do to protect against privacy and security claims?

  1. Prevent them.  Set up a robust privacy and data security regime.  Plan for privacy – technically and legally – from the start.  Understand what you are collecting and adopt procedures to safeguard data.  How to do this varies depending on context:
    1. Build privacy and security into your app or website, collecting only the information that you need and establishing mechanisms to protect it that are appropriate to the sensitivity of that data.
    2. Train your employees on best practices.
    3. Stay up to date with developments and thinking on privacy and security.
  2. Plan for them.  Know what you’re going to do when a breach happens, whether it’s someone inside or outside your shop who causes it.  Know who you’re going to hire to investigate.  The team that’s going to meet to plan next steps?  They should already be meeting.
  3. Get real with them.  The people affected by the privacy issue, if we’re talking about a breach, need to know promptly.  Legal obligations aside, people expect to know fast, and they may need to know to prevent fraud and secure themselves in the future.  It’s difficult to balance transparency and confidentiality when you’re in the heat of the forensic evaluation, but you should realize that consumers – and the plaintiffs’ lawyers who represent them – are increasingly expecting disclosure, fast.

In this connected age, the best businesses understand the importance of privacy and security.  But companies live in a world where their databases are under attack by weekend hackers showing off their skills, cyber-criminals, and even state-sponsored terrorists, where technology changes at breakneck speed, and where budget approvals are a corporate reality.  So remember to expect the unexpected and include some fire drill planning in the mix.