How Businesses Can Be Held Liable for a Security Breach

There are a variety of breaches possible with a company, but none are more crucial to client and customer data than security breaches.

However, in the digital age, these problems are often more important when they concern the data contained within the business that is connected to profiles, credit cards and personally identifiable data such as phone numbers, street addresses and similar items. When there is a data security breach, multiple persons may be affected and harmed in the process. This could lead to severe liability and potential damages owed to numerous individuals if their financial information is stolen and used elsewhere.

Businesses may be held liable when a data security breach occurs because of certain factors associated with the crime, such as how the information was stored and how well it was protected prior to the intrusion. Companies may also face possible issues with these instances when the breach is due to an employee who is sending sensitive information through email or has taken confidential files of clients and customers. Other problems arise when these persons are not destroying the data properly, such as by shredding physical files. However, if a third-party vendor breach or hack occurs, the businesses may be held accountable for the breach.

Third-Party Vendor Breach

Most security breaches include the loss of information of some type. This may be through paperwork, files or electronic data. There are generally multiple third-party vendors or clients that have a relationship with companies. These assist in business operations and transactions with contractual obligations such as timely arrival of resources, products or similar items. Many of the services attached to third-party vendors include software, files shared online, cloud storage, processing of payments and accounting assistance. Some individuals who deliver items, clean the building or maintain other services may have access to these confidential files and documents that could be unsecured.

There are regulations that may apply to companies that require them to ensure that customer and other data are secure through these third-party vendors. Even if the law does not demand this, the company could still be held liable for damages when the vendor is not maintaining security compliance, not adhering to safety protocols or cannot ensure confidentiality. Due diligence must be performed when researching these vendors. A program should be created that manages communication and information about vendors that may handle sensitive information. This may protect the company from security breaches and data loss. Other steps may need to be taken for security purposes including purchasing insurance or having the vendor acquire liability insurance.

Hacks to Customer Data

It is possible for a company to be held liable when the customer data stored within is hacked by an outside source. Even though the business has become the victim of a crime, it may still be accountable for the incident. This is due to the ability of the company to secure the information. Some organizations have poor security measures, and consumers are expecting these companies to ensure the data is safeguarded from the casual hacker. The customer feels the information has not been adequately protected. If an incident does occur, some may file a complaint if they are not notified immediately that their personal data has been compromised.

Some companies may be held liable if no appropriate action is taken to remedy the issue after it has been revealed by an employee. Others are held accountable for incidents if privacy and security policies are not adhered to strictly. This could lead to the United States Federal Trade Commission becoming involved and charges issued for fair trade violations. However, there are various factors involved in holding a company liable for these situations. This means that it is crucial to secure data, contact customers in the event of a problem and use all necessary and appropriate protocols to secure the internal systems.

Legal Implications of a Breach

When security is breached, the company could be open to a civil lawsuit. This means that the owner or management must ensure a lawyer is contacted at the same time other measures are taken to remedy the problem and communicate with customers. Hiring a lawyer is crucial to prevent unwanted litigation, and the legal representative may have knowledge about the issue. There may be other professionals that need to be contacted to effect a plan of controlling the damage from the incident. This could lead to avoiding a lawsuit with angry customers and liability from employees’ actions.


Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.
