Facing a Data Breach Suit Without the Data Breach? ‘Scary.’

Roy Strom writes:

Chieftains of corporate America have long feared the financial and reputational fallout from a hacking breach. But a class action suit unveiled against a law firm last week could add to their data security anxiety. The suit claims that companies and law firms should be held accountable for lax security measures even if their customers’ data never falls into a hacker’s hands.

Some lawyers are skeptical that a court will agree to a new, wide-ranging theory that could essentially hold companies legally accountable for staying up-to-date with the latest data security protocols.

Either way, it is a new risk for law firms and corporations.

Read more on The American Lawyer.

About the author: Dissent

2 comments to “Facing a Data Breach Suit Without the Data Breach? ‘Scary.’”

You can leave a reply or Trackback this post.
  1. Billy Reuben - December 14, 2016

    After reading the article, I’m not so sure he doesn’t have a case. Consider the company that trumpets “world-class security” as a selling point, but fails to stay up to date on their patching or permit VPN access without 2FA. In essence, it’s false advertising.

    Very interesting.

    • Dissent - December 14, 2016

      And isn’t this what the FTC does, too? They don’t have to wait for a breach to try to enforce Section 5. And they can go after entities who make promises that are misleading. It may come down to how you demonstrate that a particular entity’s security is nowheres near industry standards, and therefore, claims are misleading…?

Comments are closed.