Can your Company be Sued for
a Data Breach?
How to protect your company against data breach law
When your company suffers a data breach, the effects on your day-to-day operation can be devastating. Depending
on the nature and the size of the attack, the cleanup process can take weeks and months in some cases. During all
of this time, you will be very limited at what you can do business-wise and it is safe to say that this will
produce some serious costs for you. Let alone affect your business
According to IBM's latest study of data breach costs, the average data breach will cost the company $4
million. Of course, the sum is somewhat inflated due to some major breaches that have cost companies hundreds of
millions, but it can still be said that a data breach can easily shut down a mid-sized company.
We should keep in mind that this is just the direct effect of a data breach and the necessary cleanup. But, what
if you also end up being sued by your customers, your partners or anyone else whose data was compromised by the
Can they sue you? How can you protect yourself?
|Preventing cybersecurity breaches can save your company's reputation,
which can be ruined by a single nasty online security breach.
Get to Know Local Laws
Before anything else, if you handle any kind of sensitive data that could put your customers or partners at any
kind of risk, you need to talk to a local law firm and read up on the laws that prescribe what your obligations are
and how you are to respond to a possible data breach. This means that if you are from Australia, you will not go
reading U.S. state laws. If you are from Sydney, you will consult lawyers from Parramatta and find out what can happen if you suffer a data
More likely than not, your country will have some sort of a data breach notification law which will require your
company to notify the authorities and parties whose data was compromised as soon as a breach happens. You can find
much about data breach notification laws and future initiatives in this great article.
The reason why data breach notification laws are necessary is that companies very rarely report the breaches,
out of fear they will look like weak targets and also because they don't want their customers and partners to know
their data has been compromised.
It should come as no surprise that civil suits are actually the kind of legal action that you as a company owner
should worry about. These civil suits are brought up by individuals whose data is compromised during a breach and,
more often than not, these get drummed up by lawyers who are out for a quick cash-out.
In the United States, companies like Target and Home Depot were sued for millions of dollars following their famous data
breaches. Some of those civil suits had outcomes that were very negative for the companies in question and this
is definitely something to worry about.
It should be pointed out that even in cases when plaintiffs didn't get money from the companies they sued, the
companies often had to pay for costly services of credit card monitoring on behalf of their plaintiffs.
If you are up for some serious legal reading, you can find out more about this in this great article.
Prevention is the Best Medicine
When all is said and done, the absolute best way to ensure you do not experience any legal problems stemming
from a data breach that you suffer is to prevent the breaches from happening in the first place.
Besides incorporating the familiar measures of protection, it is also very important that you are smart about
choosing your vendors, in case you have them. A huge number of corporate data breaches originate from third-party vendors who are often lax when it comes to cybersecurity.
If you do suffer a data breach, make sure you comply with the local laws and do everything in your power to
protect your customers and partners.
It is the best that you can do and if you keep everything above board, you should not be at danger of incurring
additional legal expenses.