Business Liability for Data Breaches

Recent news is often dominated with the latest and largest corporate data breach, and even the 2016 U.S. election was not immune to hacking.

According to Symantec’s 2016 Internet Security Threat Report, small businesses having 1-250 employees were the victims of 43 percent of all data breach attacks carried out in 2015, up from 34 percent in 2014.

Although one might think that there are uniform federal laws governing cyber security liability, the fact is that federal laws governing this topic are overseen by a variety of agencies, including the 29723649810_8cb4a06489_zFederal Trade Commission (FTC), the Securities and Exchange Commission (SEC), and the Department of Health and Human Resources (HHS). Additionally, every state except Alabama, New Mexico, and South Dakota has its own set of laws governing data breaches, and best-practices guidelines published by government authorities and industry groups also provide guidance.

Liability for a Data Breach

Here are a few ways that a business could be held liable for a data breach:

  • The FTC has consumer-protection authority under Section 5 of the Federal Trade Commission (FTC) Act to enforce the principle that businesses have a duty to take commercially reasonable efforts to protect any personal information they may hold.
  • The SEC has authority to bring enforcement actions in certain situations, as when companies fail to adopt written policies and procedures reasonably designed to protect customer information.
  • Data breach liability may also be established under the common law claim of negligence, provided the elements of negligence – duty, breach of duty, proximate cause, and damages – are proven.

Because of the potential for substantial civil liability and the tightening regulatory climate surrounding data breaches, businesses should take every possible precaution when it comes to safeguarding all sensitive information entrusted to them by their customers.

If you have questions regarding the liability your business may have for a data breach, contact a small business lawyer at O’Keeffe O’Brien Lyson Attorneys online, or call 701-235-8000 or 877-235-8002 (toll-free) today.

Image courtesy of Blogtrepreneur/Flickr

Pay Now