Francoise Gilbert of the IT Law Group won't give Zappos an "A" for how the online retailer reacted to its recent data breach. So, what can organizations learn from the incident, so they're better prepared?
Verisign, operator of two of the 13 root name servers that route traffic on the Internet, has revealed that outsiders attacked its computer network several times in 2010, but top management did not learn of the incidents until September 2011.
Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.
Notifying patients about a healthcare information breach requires a "difficult balancing act" by entities to ensure that risks are not exaggerated, says attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
A key to developing a successful data breach prevention, detection and notification program is to gain buy-in from senior management and board members, says Bob Krenek of ExperianÂ® Data Breach Resolution.