July 26, 2016
When a data breach occurs and credit cards are exposed, should hacked companies have to compensate their customers for potential data breach damages?
While plaintiffs have had a tough time proving direct material harm, according to Wall Street Journal Europe and other publications, various reports about data breach litigation suggest some courts are beginning to think they should.
In the U.K., the English Court of Appeal ruled there may be a privacy claim without immediate financial loss.
In the U.S., this type of data breach lawsuit is proceeding in a few cases.
A panel of Court of Appeals judges in one online article said victims of a luxury department store’s breach shouldn’t have to wait until a fraud occurred before being allowed to sue.
“Why else would hackers break into a store’s database and steal consumers’ private information?” wrote a judge. “Presumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume those consumers’ identities.”
There have been class action lawsuits too, from affected customers and employees. While none of the large data breach lawsuits have gone to trial, companies have paid out millions of dollars in settlements.
What can an organization do to reduce the risk of a data breach and lawsuit?
As a matter of course, all organizations should have comprehensive privacy and information security protocols.There should be on-going employee education as well as workplace reminders. Keep all network systems and hard drives protected and updated with security software and other safeguards. Use a document management process to protect confidential information from creation to end-of-life. Partner with a leading document destruction expert for secure data destruction of both paper and digital data.
Learn how to protect your organization against cyber criminals – and lawsuits – by using best practices to protect all the confidential information you create.