Scott J. Hyman of the Firm’s Orange County Office was interviewed by the Auto Finance Excellence and cited in an article entitled ” Unpacking California’s New Privacy Regulation: Issues Lenders Need to Know” in the California Consumer Privacy Act and cybersecurity issues facing Automobile Finance Companies. AutoFinanceExcellence is a project of the Auto Finance News.
The legislation gives California consumers the “private right of action,” or the ability to sue companies, if their personal information is the subject of a data breach resulting from a business’s failure to “implement and maintain reasonable security procedures and practices appropriate to the nature of the information.” What do “reasonable security procedures” look like and what are the consequences of failing to keep up such standards? AFE spoke with Scott Hyman, a lawyer and data protection officer at Orange Country, Calif.-based law firm Severson & Werson, to find out. . . .The first requirement is having policies and procedures in place, Hyman stated. After that, “we have some guidelines that we have seen from the way the [Federal Trade Commission] has looked at reasonableness, the way that the courts have treated reasonable policies and procedures in other California data protection statutes,” he said, noting that it can often depend on what the industry standard is. In fact, a cybersecurity breach can still happen, Hyman said, notwithstanding the fact that you have reasonable security procedures adapted to avoid the breach. “Case law has demonstrated that the mere fact of the breach itself doesn’t mean that your procedures were unreasonable,” he said.