Data Security Law Blog

Visit the Full Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

Data Breach Costs Surge: The Numbers Behind Ponemon’s 2018 Study

Data breach costs are on the rise. In the U.S., the average cost of a data breach spiked nearly 8% from last year to hit a record high of almost $8 million per breach.

That’s the conclusion from a study released last week by the Ponemon Institute LLC.  In its annual “2018 Cost of a Data Breach Study,” researchers concluded that breach costs are still trending up, though there’s a silver lining in the form of cost mitigation for proactive organizations. Researchers found that companies which took a series of proactive measures were able to reduce the costs of a data breach substantially. We'll discuss that later in this post. 


The Tale of LabMD: New lawsuits charge ethics violations and fake data breaches

The LabMD data security case is anything but dull.  An 8-year (and counting) fight with the U.S. Federal Trade Commission, a U.S. House of Representatives Oversight and Government Reform Committee investigation into allegations of government overreach and collusion, a key witness granted governmental immunity and multiple related civil lawsuits scattered around the country.


A (Secondary) Education in Data Security

On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected only a small number of students that had registered for online testing in spring 2017, it nonetheless exposed sensitive personally identifiable information from those students.  And despite its narrow scope, this breach potentially threatens public (and parent) confidence in the security of sensitive student information at a time when New York schools are moving more and more of their activities online.