Home Knowledge Data Security Breach: Coca Cola Case Fizzes Up

Data Security Breach: Coca Cola Case Fizzes Up

January 8, 2015
Partner
Leo Moore

In January 2013 US beverage giant Coca Cola confirmed laptops containing data belonging to 74,000 individuals including former and current employees, contractors and suppliers were stolen by an employee from Coca Cola headquarters in Atlanta. The type of personal information affected by this incident included names, social security numbers, addresses, financial compensation details and ethnicity.

Following the incident Coca Cola suffered heavy criticism for failing to adequately protect the personal information and for the delay in notifying those individuals affected. In November 2014 a class action suit was subsequently filed by those affected and Coca Cola are now facing further reputational damage and potential legal and financial impacts.

The on-going effects of this incident highlight the importance of ensuring appropriate and adequate organisational and technical measures are taken in relation to the security, storage and use of personal information on portable devices such as laptops.

Under Irish data protection law data controllers and processers have an obligation to put appropriate security measures in place to prevent loss and unauthorised disclosure or alteration of data. There is also a requirement to take reasonable steps to ensure staff and other persons at the place of work are aware of these security measures and their obligation to comply with them.

The Office of the Data Protection Commissioner has issued a comprehensive guidance note on data security which states that the most important security measure to be implemented relates to staff training and awareness. Encryption is seen as an essential security measure where data is to be stored on a portable device (e.g. Laptop, mobile phone and Ipad/tablet etc.).

To ensure compliance with the security requirements in data protection law, organisations should assess the devices used by their business to determine if the appropriate measures are in place to minimise the risks associated with portable device theft, loss or unauthorised access.

Contributed by   Leo Moore and Niamh Gavin

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Partner
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all