As data breaches are on the rise, the old adage rings true: it’s not a question of if, but when. More companies are experiencing crippling breaches and the statistics are alarming: According to IBM Security’s Cost of a Data Breach Report 2019, the average cost of a data breach is $3.9 million and the average cost per record lost is $150. There was a time when organizations argued (perhaps correctly) that they could not have anticipated being breached or, even if they were, the size and scope of the compromised data. Such arguments no longer hold water and, increasingly, regulators are examining the reasonableness of the data security practices that were in place at the time of the breach, which can lead to fines and penalties tacked on to an already costly situation.

Ann-Marie Luciano and Jawaria Gilani of our firm’s State Attorneys General Practice analyzed recent state Attorney General and FTC enforcement actions to identify eight data security best practices that companies can adopt to mitigate the likelihood of a breach. Their findings are summarized on the infographic that can be accessed here:


Both our State Attorneys General and Privacy & Data Security Practice Groups are available to assist and take a deeper dive into the issues summarized above.