Cincinnati partner Breck Weigel was quoted in the March 1, 2010, Crain's Cleveland Business article, "In Data Breaches, Repairing Reputation as Important as Legal Obligation."
According to the article, when a data breach of customer information occurs, it varies by state and by what information has been comprised as to what happens and what responsibility the business or institution has to its affected customers. In Ohio, companies are required to disclose that information has been breached only if a customer's first and last name or first initial and last name are attached to the compromised data. Therefore, if a Social Security number is leaked, the customer may never know—unless a name is attached to it, too, according to the article.
According to Weigel, companies that experience data breaches may have to worry about rebuilding consumer goodwill, more so than any fines that could be imposed by the Federal Trade Commission or, in some cases, an industry watchdog like the Payment Card Industry Security Standards Council. "They may have no legal obligation to provide notice, but so much of what's at issue here is a company's goodwill," he said. "Preparation is the key." Weigel said companies that have access to sensitive information already should have a process in place to respond to breaches before one happens and should ensure that data is properly encrypted.
While colleges and universities are among the most frequent targets of hackers, stolen laptops are also a frequent occurrence. Weigel said that is one of the most difficult cases to deal with because it's impossible to conduct a forensic exam on the computer to learn how it was breached, or even if it was at all.