With the data breaches increasing and hackers breaking into major companies and stealing customer data at an alarming rate, lawsuits relating to these breaches have been a hot topic. For companies, although facing a catastrophe in terms of brand image, legally they have been shielded from damages. That is until now.
According to a recent article, a recent ruling by the 7th Circuit Court of Appeals reinstated a lawsuit against Neiman Marcus over a 2013 data breach in which hackers stole credit card information from as many as 350,000 customers. The three judges ruling has created a stir in the legal environment because this now lowers the bar for consumers who want to sue over such breaches.
Although the initial ruling was thrown out due to thinking that customers could have simply relied on their credit cards’ fraud protection program and also that these kinds of breaches although had shown that customers would fear for future fraud and identity theft did not cause any “imminent “ threat or “concrete” injury.
However, the 7th Circuit reinstated both types of claims, which were to those who had incurred expenses tied to the Neiman Marcus hack, and those who feared future identity theft. Basically the key point that Chief Judge Diane Wood had said was, ““Why else [other than to cause harm] would hackers break into a store’s database and steal consumers’ private information?”
Ultimately this ruling will most likely not help consumers cash in, however, it will build the pressure for companies to take a serious look into their data security solutions and see if they have what it takes to truly secure their data. Companies must show that they have acted reasonably and have taken reasonable yet realistic measures to prevent a data breach and not make themselves a target.
It is quite evident that having a data security framework that works, is necessary in taking the stance against data breaches. Organizing unstructured data, data encryption and comprehensive risk analyses prior to a breach happening, all needs to be in place to show not only the consumers but the courts that as an organization, we have done all that we could to avoid a data breach. Taking these proactive measures to have strong security policies will go a long way towards mitigating an organization liability in a class-action lawsuit, such as this one.
Although legal action against organization after a data breach may be inevitable, positioning yourself with this kind of solution will put the organization in a better position to defend the lawsuit and also deflect some of the greatest damage to an organizations brand image and reputation.
Taking a hard look at what kind of data security now and being proactive about protecting your customers’ most valuable data is the first step in avoiding all the damages that will occur with a data breach. Being able to control your data no matter where it is, can be the best way to improve your information security.
Photo credit by: PRSA-NY