Data Breaches: A Matter of When, Not If

Posted on May 13, 2011 by Barley Snyder LLC
 
Nearly every company routinely handles electronic data containing personally identifiable information. This data can include information about its customers, employees, or business partners. Whether a company is actually collecting and sharing the data itself or merely handling and storing data collected by others, there is the potential that this data may fall into the hands of unauthorized third parties -- a data breach. 
 
Is your company aware of data breach notification requirements and prepared to appropriately respond to a data breach?
 
In the last five years alone, hundreds of substantial data breaches have resulted in the compromise of hundreds of millions of data records containing personally identifiable information. Some of these breaches were a result of human error, such as the misplacement of an employee laptop or smart phone. Other breaches were a result of illegal or malicious activities. The cost to a company for a single data breach can be staggering. For example, one of the largest data breaches in the United States will cost TJX Companies up to $500 million. In TJX’s case, third parties accessed and stole customer credit and debit card data and used it to make unauthorized transactions. TJX settled several class action lawsuits filed by customers, as well as lawsuits filed by financial institutions that had to reissue millions of credit and debit cards. In addition to damage awards in private lawsuits, such as the case with TJX, companies can also be held responsible to pay hefty government-imposed sanctions. Also, a company cannot ignore the impact a data breach can have on its reputation and customer confidence and trust.
 
Tags:

Supreme Court Upholds Class Action Waivers in Consumer Arbitration Agreements

Posted on May 9, 2011 by Barley Snyder LLC
Many businesses now include arbitration agreements in their contracts with customers and employees. Arbitration can provide an alternative to traditional litigation, especially with regard to small claims. By agreeing to arbitrate claims, customers and businesses agree to forgo claims through the court system. Some courts, however, have found consumer arbitration agreements unconscionable, therefore, diminishing their usefulness to businesses. A recent Supreme Court decision, however, upheld an arbitration agreement allowing a business to utilize an arbitration clause to limit class action liability exposure.
 
In a 5-4 decision, the United States Supreme Court decided in AT&T v. Concepcion, that corporations may use arbitration clauses to prevent the aggregation of small claims into class action lawsuits. Plaintiffs sued AT&T for false advertising and fraud after being charged $30.22 for sales tax on the retail value of cell phones that were advertised as free. The Plaintiff's contract with AT&T provided for arbitration of all disputes and required that any such claims be brought individually, not as part of a class or representative proceeding.
 
The Supreme Court reversed lower state and federal courts which had previously determined that arbitration agreements prohibiting the consolidation of small claims into class actions were unconscionable and unenforceable under California Law. The Court determined that the Federal Arbitration Act (FAA), federal law making arbitration agreements “valid, irrevocable, and enforceable” except under certain circumstances, preempted the California law used to invalidate arbitration agreements prohibiting class action suits. The decision in Concepcion, signals the Court’s willingness to prevent states from interfering with the speedy and efficient resolution of claims through arbitration. 
Tags: