Data Breach – Legal Liability

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.

It is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.

The Potential of Customer ID Theft

There’s no way around it: You need to collect some sensitive customer information if you’re going to do business. Sensitive doesn’t just mean credit cards and Social Security numbers. It can also mean names and addresses combined with purchasing history.

One problem can be a lack of security on your own servers. Another can be outsourcing data storage to a non-secure third party.

Just because another company is holding the data doesn’t negate your responsibility if information is stolen or leaked. You can still be beholden to customers if their identities are compromised.

Legal Liability for Identity Theft

Disappointing customers doesn’t automatically lead to legal responsibility. But if your customers are victims of identity theft because of your security breach, it might.

Government agencies that focus on consumer protection have cracked down in recent years. Now companies have more responsibility for protecting client information.

At a minimum, you should have security systems in place to protect clients’ personal data. If those fail, it’s your responsibility to notify customers of the potential harm and what was stolen in the breach. Legally, you may also need proof that the problem was not the result of negligent security on the part of your business.

Keep Your Business Safe From Liability

Even if you’ve never had a security breach, keeping information secure is one more service you can offer your customers.

Make sure your security system protects private information and don’t store more than you need to. It’s also a good idea to routinely wipe personal data from computers that you’re getting rid of, and shred personal records that you don’t need.

Outsourcing data storage to other companies may seem like a good way to keep costs down, but it could cost you in the long run. If you’re going to hire a third party, make sure their security is as good as or better than what you’d want for yourself.
