As of late, the outrage with Sony Pictures Entertainment, Inc. transformed from a humiliating tabloid story to a possible terrorist threat. The rupture likewise has affected a large number of current and former Sony employees. On December 15, 2014, a government legal claim was filed in California in the interest of current and former Sony employees. According to the complaint, Sony has not made satisfactory moves to keep off from the monstrous breach by securing the personal data of more than 15,000 employees which was compromised in the recent cyber-attack.
The exposed personal ID information, the complaint stated, includes employee names, addresses, phone numbers, date of birth, employees social security numbers, salaries, email addresses, bonus plans, health records, performance evaluations, scans of visas and passports, the reasons behind termination, severance packages details and a lot of other employment and personal data that can be called sensitive in plain simple words.
According to the lawsuit filed, Sony settled on a business decision of risking a breach of the personal data of Sony employees despite knowing for a considerable length of time that there were weaknesses in their security network.
The claimed reasons of action in the Sony case include negligence, violation of California Civil Code Section 1798.82 related to computerize data, violation of a California statute related to the confidentiality of medical information, as well as a violation of the code of Virginia Section 18.2-186.6 associated to personal information. The grievance is looking for both monetary and injunctive relief, in addition to expenses and attorneys’ fees.
Michael McCartney, a computer forensics expert and the CEO of DIGITS LLC, recommends that there are also an incredible amount of soft costs associated with the liability of reporting, litigation, fines and the possible penalties in addition to the direct costs that are involved. McCartney also said that 60% of organizations that suffer from data breaches are out of business in those 6 months of the breach.
Employers in the 21st century need to adopt an aggressive role when it comes to planning and security of company data. In addition to network monitoring, security policy review one can also consider security assessments, vulnerability assessments etc. when preparing for stringent security protection measures.
Most companies use quite a bit of their efforts when it comes to computer security on regulatory requirements and protection of client data. However, they fail to focus on protection of electronically stored employee data.