The State of Law in a Data-Driven World
Though others might disagree, some might say law was a simpler profession before the advent of data. However it may be, there is no denying the very real need for defense and prosecution when it comes to data theft today. Technology was created to ease functions in the everyday workplace, but that creation has in turn caused multiple complications. It is regrettable that the average household now possesses in its vocabulary such terms as malware, anti-virus, and ransomware, and that there should exist an underlying anxiety as to whether one's information is ever truly safe from hackers. In such a world, it is necessary to be crystal clear on all aspects of data in and of itself.
Households vs. Businesses
Initially, it is beneficial to separate the domestic from the professional. When an individual experiences a malware attack, they can often save their data and shut down and override their computer without much or any thought for legal retaliation. However, when a company gets hit by a malicious virus seeking out its data, that theft can be recovered, but is termed data breach if personally identifiable information (PII) has been stolen, by extension of which occurrence all customers must be informed and legal action taken. They often employ a company to provide digital forensics Cleveland, to assist in this. The results of such paid for analysis aiding no end in any case that might arise from this cyber abuse. However, what must also be taken into consideration when a business is targeted are the earnings lost through the forced hiatus to the operations while under attack or in its aftermath.
Ransomware and Data Breaches
Ransomware, where a user is literally held to ransom, their computer and contained data frozen until a stated sum of money has been received by some method preferred by the hacker, is a more prosecutable offense than the deployment of malware for straight up theft, due to the hostage component. In a day and age when 72% of cyberattacks were of ransomware nature in the nation's healthcare industry, this crime becomes concerning indeed. Laws have been passed in some states to clearly set out the terms of a data breach, i.e. what that constitutes. Massachusetts' General Laws c. 93H, for example, remains vague as to what makes a data breach actionable, however. Nonetheless, the Health Information and Portability Act (HIPAA) is clearer. This in itself suggests the need for new breadths of information to be covered in fundamental and CPD legal training.
What is certain is that the type of data that is most targeted is often PII held by large companies. That is to say, private healthcare information, financial records, and social security numbers; citizens' virtual thumbprints. In such a precarious environment, it is confidentiality terms that are nullified most by malware attacks. Policies and working to extend beyond the "reasonable efforts" required by those in the law to uphold such agreements, even digitally, must mature at the same pace as technology.