[BreachExchange] Data Protection Breach Cases Set To Soar With GDPR Introduction

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 22 19:09:40 EST 2016


http://www.techweekeurope.co.uk/workspace/data-protection-
breach-soar-gdpr-200997?PageSpeed=noscript

Litigation related to IT security breaches and data protection issues are
expected to see major increases over the next five years due to technical
changes and the introduction of new privacy rules.

A survey of 340 legal specialists carried out by law firm Pinsent Masons
and the School of International Arbitration at Queen Mary University of
London found that respondents expected data or system security breaches to
represent the biggest increase in TMT (telecoms, media and technology)
disputes during the period, rising 191 percent, while disputes related to
data protection and privacy were expected to rise 104 percent.

Data issues

TMT disputes include conflicts experienced by a company in any sector that
arise from communications or technology issues, and are increasingly
widespread as a broader array of organisations employ technology to carry
out their affairs, the study found.

The most common TMT disputes over the past five years have related to
intellectual property issues, with 50 percent of respondents saying they
had encountered them, while only 13 percent said they had encountered data
protection disputes, falling to nine percent for data or system security
breach cases.

But respondents expected both issues to become much more prevalent in the
future, with 80 percent saying they were either “very likely” or “somewhat
likely” to encounter data protection disputes in the next five years, and
79 percent saying they expect to be involved in security breach cases.

“Clearly, these issues are troubling both suppliers and users of
technology,” the report’s authors wrote. “They are a significant risk area,
which will need to be managed and mitigated in the future.”

Internal threat

The figures suggest that focusing on repelling external attacks might not
be enough to deal with data breaches, since they were most often caused by
employee action; 37 percent said this was a “very common” cause, compared
to only 22 percent for malicious third parties.

“These results indicate that human risk represents the most common cause of
data breaches, significantly more than system failures,” the report said.
“While malicious third party attacks and disputes related to regulatory
investigations are less common, the potential reputational and financial
damage may be very significant for a business.”

The EU’s General Data Protection Regulation (GDPR), set to apply beginning
in May 2018, means the expectation of significantly more data-protection
cases is justified, according to David McIlwaine, dispute resolution
partner at Pinsent Masons.

He said such issues can affect organisations financially as well as causing
reputation damage, as was seen in the breach of telecoms provider TalkTalk
last year.

“In an increasingly connected world, information and data is a highly
valuable commodity,” said the report. “With this comes risk: data is an
increasingly common cause of TMT disputes.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161122/8f3ca513/attachment.html>


More information about the BreachExchange mailing list