publications full of ideas
Lessons from the Equifax Breach


As data breaches go, they don’t get much bigger than this. Late Thursday, credit reporting giant, Equifax, reported that it had suffered a cyber-incident. 143 million consumer records, including names, birth dates, Social Security numbers, addresses, and driver’s license numbers have been compromised. For reference, the entire United States population is 324 million.

The breach was reportedly detected on July 29th, although it wasn’t made public until September 7, after the underlying issue was remedied. Breaches are not uncommon – Equifax rival, Experian, suffered a much smaller one last year – but the magnitude of this one, combined with the loss of Social Security numbers, sets it apart. Though not the largest known breach – Yahoo!reportedly exposed 500 million accounts – this puts Equifax in an awkward position. After all, collecting and processing sensitive data is at the very heart of Equifax’s business.

Attorneys and experts will be opining on this episode for a while, but even at this early stage, three points stand out:

First, with security breaches becoming virtually inevitable and the commensurate potential for increasingly significant repercussions, Big Data may be evolving out of the purely private or corporate domain into a quasi-public enterprise, the classic example being utilities. Of course, one of the defining features of utility companies is a high level of regulation to protect consumers against the pricing power of a government-granted monopoly. In the Big Data arena, one would expect a high level of regulation for the purpose of protecting consumers from substandard cybersecurity measures.

Second, with Social Security numbers being compromised daily, their use as a universal identifier is increasingly ill-advised. As a result, multi-factor authentication (using a variety of identification technologies) may be moving from your company’s IT system to your everyday life. 

Third, when it comes to data, more is not always better. (Or, with apologies to Stan Lee, with great data comes great exposure.)

Therefore, with data, oftentimes less is more. While data storage space has become increasingly inexpensive, the potential costs of a breach mandate a careful evaluation of your actual storage needs. Simply put, pennies spent on data storage today can become dollars spent on breach remediation tomorrow. Consider reducing your risk exposure tomorrow by implementing appropriate data collection and retention policies today. Collect only what you need, use it only as necessary, and retain it only for so long as you actually need it.  

Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or Mike may be reached at 919.783.2851 or

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601

related information

what's new at the firm

Liza Nye Joins Poyner Spruill LLP


RALEIGH, MARCH 22, 2018 – Poyner Spruill is pleased to announce Liza Nye has joined the firm as an associate in Poyner Spruill’s Banking and Financial Services section.

Poyner Spruill partner honored with excellence award from Federal Bar Association chapter


The Eastern District of North Carolina chapter of the Federal Bar Association (FBA) honored Poyner Spruill partner David Long last week with its second annual Judge David W. Daniel Award for Excellence in the Legal Community.

WEBINAR EVENT: New CMS ROPs for SNFs and what the term "resident representative" means


We're partnering with NCHCFA to bring you a new webinar series open to all NCHCFA members. Register now!

Two Poyner Spruill Attorneys Help Work for Tomorrow through Mentor Program at UNC Law


RALEIGH, NC – Founded in 2016, the McIntyre-Whichard Legal Fellows Program is now in its second year of existence at the University of North Carolina School of Law. The program was founded by two UNC Law School alums and is co-sponsored by the North Carolina Study Center and the UNC Christian Legal Society. The program is named after Poyner Spruill partner and former U.S. Congressman Mike McIntyre and former N.C. Supreme Court Justice Willis Whichard, who are both alums of the university and serve as program mentors.

Poyner Spruill Diversity Committee to host panel discussion with key leaders in the legal field to celebrate Black History Month


The Poyner Spruill Diversity Committee is celebrating Black History Month by hosting an intimate panel discussion with key leaders who have been successful in the legal field.