Data Leakage Law

Private Data (or Personally Identifiable Information) Defined

The key to avoiding liability for data leakage is due diligence. As a broad generalization, the law of data security rewards those who are diligent, who exercise due care to prevent a compromise of privacy. Hence, if a data holder is diligent, but still suffers a mishap, it is less likely to be held legally liable.

For example, Guin v. Brazos Higher Education held a loan processor was not liable for a compromise of data security, in part because the processor had taken reasonable steps to protect the data.

Reasonable steps, or due diligence, can include application of latest technology, such as filters that inspect outgoing data transmissions and block those that appear suspicious. An e-mail filter would have been helpful to the Palm Beach County health department when (in 2005) an employee inadvertantly broadcast a list of HIV/AIDS patients to 800 county employees.

When employing such filters, however, an issue is to know what to filter. Continue Reading