The much-publicized lawsuits against Target arising from breaches of its consumer credit and debit card records are only the face of a rising trend of data protection lawsuits. Website liability today is no longer limited to what is on your website. It also includes the private data you hold that is not publicly available.
Have you wondered how a spammer obtained your email address? Often it is the result of a website being hacked and email addresses stolen. That type of activity is now leading to lawsuits against website owners by consumers who rightfully demand that their personal information be protected.
The legal question that arises is – was the website negligent in maintaining, storing, and protecting private data?
When a hack occurs, no matter how sophisticated, the answer is almost always likely to be yes. In practical effect, this is not a “negligence” standard but one of strict liability. If your website is hacked, assume you face liability if private user information was compromised.
How to Protect Yourself
To protect yourself, you can obtain business insurance. Make sure it is specialty insurance that covers this type of incident. If necessary, have an attorney review the policy. After a claim arises, many businesses are shocked to learn that the exclusions in their policy make it practically illusory.
To minimize potential damages, and possibly to avoid liability, have a security plan in place and be able to show that something was done to protect user data. This may mean you do not host with Local Bubba’s web hosting company. This may mean you keep software up to date. This may mean your web forms and other access points are strengthened against attack. You should be using hard-to-hack user names and passwords.
The larger the business, the more actions you will be expected to take. That does not mean a small business does not need to do anything. The more important the data, the more steps you need to take to protect it. Financial records such as credit cards are probably more valuable than an email address.
Another liability problem Target has is its failure to immediately notify customers of the data breach. When it comes to identity theft, speed can be important in avoiding long-term problems. Target not only failed to notify its customers personally; the only notice it issued was on its corporate website, and then only after a third party disclosed the breach.
It is hard to imagine a more incompetent reaction, and the company will be legally punished. Make sure this does not happen to you too. If a data breach arises, be responsible and quickly own up to it. There is a saying arising from the Nixon days that the cover-up is worse than the crime. Now, the cover-up may be worse than not reporting the crime.
By taking these actions you may be able to avoid, or at least minimize, your exposure if customer data should be hacked from your website.