Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by Law.com, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!

X

OfficeMax proves counsel should be wary of externally collected data

OfficeMax accidentally sent a mailer addressed to “Mike Seay, Daughter Killed In Car Crash.”

With data collection tactics becoming part of the public conversation, companies like Google and Facebook have worked hard to quell public fear over their products’ privacy issues. However, based on one recently-publicized case, companies may need to be wary of data purchased or rented from outside sources as well, not only collected data in house.

In mid-January, OfficeMax sent a series of mailers to individuals in northern Illinois to drum up business for a local store. One mailer was accidentally addressed to “Mike Seay, Daughter Killed In Car Crash.” Seay’s daughter indeed had been killed in a car crash in 2012.

Rather than explaining how that information got onto the letter, however, OfficeMax was caught without a valid response. The company claims that it was renting data from retailer Things Remembered Inc. and could not explain how that particular piece of data was collected.

“We would like nothing more than to tell the world what happened,” said an OfficeMax spokeswoman to the Wall Street Journal. “We don’t know what happened yet. We haven’t been told. It was not our data and we don’t have access to the original information.”

For in-house counsel, this particular instance gives yet another reason to be wary of outside data collection. While the additional data is useful and these types of deals between corporations are prevalent, those in charge of the data should ensure that they understand both how the data was collected as well as what types of uses the original collector intended for it.

“It’s impossible to know how many hands and organizations that data passed through before and how many times its been repurposed,” Jay Heiser, an IT risk analyst at Gartner, told the WSJ. “And just in raw terms the more outside sources of information, the more likely you are to have something unexpected happen.”

There are (relatively) easy ways for in-house counsel to improve their cybersecurity practices; it’s on the legal team and IT professionals to institute those ways.

 

For more on growing cybersecurity concerns, check out these InsideCounsel articles:

ChewBacca malware targets smaller retailers in 11 countries

LabMD claims FTC action has crippled its operations

AG Holder confirms Target data breach investigation by DOJ

Cyber breach insurance: What, me worry?

Assistant Editor

author image

Zach Warren

Zach Warren is Assistant Editor of InsideCounsel magazine, where he oversees online content submissions and administers InsideCounsel's enewsletters. Zach specializes in new media and multimedia...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.