Growing up, I always thought that goulash was some kind of dish where everything in the refrigerator ended up participating. (Wikipedia tells me that my mom was wrong!) Today’s blog ends up being just that kind of thing though, whatever you want to call it: a lot of topics that we’ve talked about before that are back – like Jason, Freddy, or the Terminator – from the dead.
- Data retention. Yup, I’ve mentioned this issue before. Data retention is not an industry-specific issue. It applies to the private sector as well as government institutions. In today’s news, the IRS will have to explain why it “‘removed or wiped clean’ information from [Lois Lerner’s] Blackberry in June 2012, shortly after congressional staffers questioned Lerner about the targeting allegations and in the same month that the IRS inspector general began examining the issue.” This is a few months after IRS Commissioner John Koskinen testified “that the agency tried unsuccessfully to recover information from Lerner’s hard drive after the device failed. He said the IRS then sent the hard drive away for destruction or recycling, in line with agency protocol.” Agency protocol – well, that’s a good thing, along the lines of what good entities should be doing about data retention. But having the protocol and following the protocol are two very separate issues. This issue isn’t going to go away, people. Control where your information is going, how long it’s going to be there, and who has access to it. Got it? Good. Next up . . .
- Data breach. We’ve already bemoaned the complexity of handling a data breach case in the patchwork set of state and federal notification laws. But imagine the hell-on-Earth involved if you are, say, Home Depot, which is now front-and-center in the public’s eyes. Seriously, is there a place in the country where there isn’t a Home Depot? Great for business, really bad for data breach. Because the breach is said to “involve nearly all of the company’s stores across the nation.” It doesn’t much imagination to guess what Home Depot is going to be spending a whole lot of time and money on in the coming months. Bear in mind that Home Depot has not yet confirmed the breach incident. But examine – no, scrutinize – how quickly the Internet and social media brought the potential breach to light. Remember: now, more than ever, a company’s speed and depth of response is critical in a data breach incident. That should make the formation of an incident response team – and an incident response plan – the number one item on every general counsels’ to-do list. Get it done quickly. If you wait too long, the repercussions could be from merely costly to truly disastrous. Moving on to . . .
- Data breach (redux). . . nah. Staying with this theme. Pretty much everyone in the western world knows that certain … err … delicate celebrity pictures were leaked online. The host of these pictures, Apple, says that it did not suffer a data breach. More likely, hackers used “brute force” attacks, which flood accounts with attempts to guess the right usernames and passwords. Here’s the kicker though, even though Apple says that it is not responsible, its stock price plunged to its lowest point since January. The lesson here? Your company’s name in any kind of proximity to the words “data breach” is Not. A. Good. Thing. Plan ahead!
- Whistleblowers. The SEC gave $300,000 to an individual who performed some kind of internal audit, compliance or legal function in his company. This marked the agency’s first award to a compliance professional. We’ve discussed the right ways and the wrong ways to address whistleblower complaints, haven’t we? But to the extent that it wasn’t clear before, note this: “The agency said the tipster reported the wrongdoing internally at first, but the company failed to take action after several months.” Ahem. Might as well call this an unforced error, people. Know what to do when a whistleblower makes a complaint! And finally . . .
- Reclining airline seats. Okay, you caught me. I haven’t actually written about this before. But I had to mention it because it’s just so . . . so . . . well, bizarre. Paid $800 for a ticket; checked bags for $50; waited in a mile-long security line for an hour; removed shoes, belt, watch, wallet, keys, cell phone, suit jacket, loose change, laptop, Kindle, iPad, tiny liquids, and tinier gels, and still set off alarms; flight delayed for “plane maintenance” (read: “crew at last call”), seats not assigned; plane almost fully boarded before you could get on (darn those frequent platinum emerald copper feather diamond anniversary class with-or-without small children passengers!), baggage “mistakenly” sent to Kalamazoo … and the reclining seat is the proverbial straw? Good gravy. Have some perspective!