
The digital economy requires that businesses have an online presence, whether they are a small retailer or a professional service firm. But interacting as a business online means collecting, storing, and transmitting customer information, exposing the business to major risks from data breaches and lawsuits.
Having a trusted IT professional build your business’s online system is as valuable as having a qualified business attorney by your side if and when a breach of customer information occurs. How you respond can determine how long you will stay in business.
A Business Guide to Handling Data Breaches
Civil liability and legal action can result from a data breach involving customer information such as account numbers, Social Security numbers, health information, and driver’s licenses. When this information is exposed, whether due to a hack or a faulty database, the host company can face serious consequences through civil litigation.
Businesses become liable when they fail to implement “reasonable” security measures to prevent data breaches. There is no clear threshold or federal law that imposes absolute liability for data. Breach notification requirements are another area of law that businesses must adhere to. If consumers are not notified of a breach within a specific period of time, liability may be triggered. The Federal Trade Commission provides guidance for companies dealing with data breaches.
Negligence law may be invoked in civil suits:
- Reasonable care in safeguarding information is the threshold. The plaintiffs, or injured parties suing a company in civil court, must show negligence: that the company did not exercise reasonable care in safeguarding data. Reasonable measures usually include multi-factor authentication, encryption, and regular patching.
- Class action lawsuits may be triggered. If a data breach is large enough and fits the necessary legal criteria of a class action lawsuit, multiple parties may sue for breach damages as one. It can cost millions of dollars to defend a company or to settle these suits. Wisconsin has allowed civil negligence claims for cybersecurity lapses.
- Notification penalties may ensue. In Wisconsin, businesses have 45 days to notify consumers of a data breach affecting their personal information (if more than 1,000 are affected). If this requirement is not fulfilled, state or federal regulators may seek penalties or enforcement action. If a business spans multiple states, the penalties can be overwhelming.
- Federal and industry liability obligations exist for specific fields. There may be additional liability for certain businesses if breaches trigger healthcare’s HIPAA privacy regulations, GLBA requirements for financial institutions, or California’s Consumer Privacy Act.
Legal fees are just part of a business’s liability if there’s a breach of consumer data. Other financial consequences can include the following:
- Regulatory fines. State attorneys general or federal regulators can issue penalties for noncompliance with data security and breach disclosure requirements.
- Notification and remediation. Requirements to notify thousands of customers and offer credit monitoring as a result of a known breach can be expensive.
- Investigation and mitigation costs. Hiring forensic investigators, responding to ransomware attacks, and containing breaches are all costly.
- Defending against litigation. Litigation can take years, as can negotiating settlements with hundreds of plaintiffs.
- Reputational harm. This can be harder to quantify, but lost business due to a breach and its aftermath can decimate a small business.
Critical Steps for Businesses to Take

- Prevention. Create a reasonable bulwark against breaches, including regular risk assessment and security audits, multi-factor authentication, encryption, employee training on breach detection and prevention (phishing, social engineering), and monitoring vendor security practices.
- Understand your liability. Using third-party vendors and cloud providers does not transfer liability for customer data to those companies. Ensure that contracts and user agreements address liability.
- Get additional insurance for cyber liability. Check your business’s insurance liability policy for data breach coverage.
- Review breach requirements. Wisconsin’s notification law defines personal information and includes a specific timeline. Other states’ regulations may also apply if your customers live outside of Wisconsin.
Act Now, Don’t Wait for a Breach to Happen
Have your cybersecurity defenses reviewed by an expert, and your liability contracts examined by a business law specialist from Kerkman and Dunn. Breaches are more expensive in the long run than good defenses. Call for a consultation today.


