LexisNexis Claims Disclosing Data Breaches Reduces Pain

from the of-course,-it-helps-that-they-were-required-to-by-law dept

LexisNexis ran into some trouble last year, after discovering that a data broker they had acquired had leaked a ton of data directly into the hands of criminals. Following the many other disclosures on similar cases, execs at the company went back over a history of transactions and eventually discovered fifty-nine cases where their security was breached. Around the same time, the company also called for more stringent disclosure laws, that would require companies to reveal such breaches. Such claims may ring a little hollow, because the only reason most of these breaches came to light in the first place was because of a California law requiring such disclosures -- and most of the federal regulations proposed on this issue would turn out to be less stringent that the California law, requiring a lower bar in determining what needs to be disclosed. Still, for those companies who are happy about this lower bar, they might want to heed the words of a LexisNexis exec who is claiming that disclosing the breaches may have been the best thing they did in response. Of course, LexisNexis can obviously claim some distance from the problem, as it appears many of the breaches took place before they acquired the subsidiary. However, on the whole, he claims that there was very little impact, because they were direct and honest in discussing the breaches. Whether or not you believe his claims, it does make sense that being honest about a screwup like that is about the only way these companies are likely to rebuild trust. If it comes out that they lied about security breaches, it wipes out what little credibility they had left.