Quickhits: Security in the Ether; Countrywide Settles Data Breach Case

Happy New Decade (2010)!  Unbelievably another decade is gone.  Information law developments continue to occur at an increasingly fast pace.  The InfoLawGroup is catching up from a very busy December, so we will start out the 2010 blogging with a couple quick hits.

Security in the Ether.  A very nice article by David Talbot on the security challenges, myths and misperceptions around Cloud computing.  The challenge for security pros and lawyers:  what is "reasonable security" in the Cloud, how do you perform your "due diligence," how do you document your due diligence process for use in the event of a breach, litigation or a regulatory action, and how do you draft and negotiate contracts for Cloud-based services?

Judge Preliminarily Approves Countrywide Data Breach Lawsuit Settlement.  Faced with 35 lawsuits (many of them class actions) arising out of a security breach exposing the records of millions of customers, Countrywide Financial Corp. has chosen to settle.  The settlement includes an offer of one year of credit monitoring for up to 17 million people.  In addition, customers that suffered identity theft may recover up to $50,000, but only if they actually lost something of value, were not reimbursed and the theft stemmed from the Countrywide breach.  Assuming a 20% redemption rate and a cost of $5-$15 per year for credit monitoring, the credit monitoring alone could cost from $17 million to $51 million (probably on the lower end of the scale -- Countrywide should be able to negotiate favorable credit monitoring rates considering the potential volume).  Additional costs that Countrywide had to incur include legal fees and breach notice expenses (assuming breach notice laws were triggered).  Does this settlement (and others I am aware of other settlements that have been less publicized) indicate a growing fear that the "damages" wall is weakening?