What Are You Liable for If Your Business Has a Data Breach

March 2016


With all of the recent news of security breaches at major companies, you have probably been thinking about implementing new security controls, or at least updating your old ones. As you take steps to protect your business and your customers' privacy, it has probably occurred to you that a data breach brings a lot more trouble than the hassle of getting your network secured again. You may be wondering what would happen if a breach did occur, and what you would be liable for if your customers' data were compromised.

The answer to that question is, unfortunately, not a simple one. Cyber law is only as old as cyber crime, which means there are still a lot of gray areas. For example, most US states have breach notification laws that require a company to tell affected customers that their data has been compromised, generally as quickly as practicable. In the UK, the Data Protection Act 1998 sets out obligations for organisations that hold personal data, including a duty to keep that data secure against unauthorised access. However, even these laws are not always as straightforward as you might like, and the details (what counts as personal data, how soon you must notify, and whether encrypted data is exempt) vary from one jurisdiction to the next.

So, to explore the gray areas of cyber law and what you would be responsible for if your company experienced a data breach, let's say that your business has been hacked. Your security controls were bypassed, and the attackers gained access to your customers' bank account information. What are you responsible for in this situation?

Notifying Your Customers Immediately

First of all, you are most definitely responsible for notifying your customers as soon as possible. In the most recent TalkTalk breach (the third this year), the broadband provider may be in more legal trouble than other breached companies because it did not notify at least some of its affected customers when it found out about the breach.

In fact, one customer claimed that although the company knew about the breach on Wednesday morning, she did not find out about it until Friday morning when she checked her bank account. Upon seeing an empty account with an unexplained overdraft, she called her bank and learned of the breach from them, when they asked, "Are you a TalkTalk customer?"

Financial Damages

The attack itself is a criminal matter for the police, but a customer's claim against your business is a civil one, and it will usually be brought under tort law as a negligence claim. This means that you may be responsible for paying damages to your customers if they can show that the breach could have been prevented had you not acted negligently. For example, in TalkTalk's most recent breach, the company has admitted that some of the data the attackers accessed was not encrypted. That could point to negligent behavior on TalkTalk's part, since it was responsible for keeping that personal and financial information safe and secure. Encryption matters on the notification side as well: many breach notification statutes exempt data that was encrypted and whose keys were not exposed, so encrypting stored customer data reduces both your legal exposure and the scope of what you have to report.

If you do everything you reasonably can to prevent a breach, and then notify your customers promptly about what has happened and what you are doing to fix it, you will likely minimize both the damage to your reputation and the legal consequences of being hacked.

Sources:

http://www.wired.com/insights/2015/03/crooked-path-determining-liability-data-breach-cases/

http://www.telegraph.co.uk/news/uknews/law-and-order/11949468/TalkTalk-phone-network-hit-by-significant-cyber-attack.html
