Inside TDV - The Data Vault Blog
Could Your Business Be Sued 1 Day after a Data Breach?
While the Equifax breach has gotten most of the attention over the past several weeks, another data breach and the subsequent court ruling related to it has a far-reaching impact on large and small businesses, including yours.
Only a few weeks ago, the fast food chain, Sonic, acknowledged a breach affecting an unknown number of store payment systems. By now, it’s easy to become numb to such breaches. But what makes this incident so unique is the fact that the day after Sonic reported the breach, a class action lawsuit was filed against them. This is sure to have a ripple effect throughout the business community. In this blog post, we discuss why and how to protect your business.
Data Security Liability
The class action lawsuit against Sonic is a result of a recent appellate court ruling. In this landmark ruling, a civil action suit against a healthcare entity that fell victim to a database hack affecting 1.1 million people was allowed to proceed after the judge ruled that the theft of personal information, health care records or other confidential information created a risk of identity theft. Previously, the suit had been thrown out because the victims could prove no harm. This latest ruling establishes that harm includes the risk of identity theft, even if no such theft occurs.
You’re probably asking, “What does this have to do with my business?” Because of this ruling, your business can be sued in the wake of a data breach even if no harm of identity theft or fraud has yet occurred. For example, let’s say someone steals backup tapes or documents with sensitive customer data from your business. The day after the breach, your company can be sued. If you’re not prepared, it could spell the end of your organization.
So what steps can you take to protect your customers’ and employees’ data? It’s imperative to have a turnkey solution for the protection of your documents and data throughout the retention lifecycle. Make sure your documents and data are stored securely offsite, handled with a strict chain of custody, and have a verifiable final disposition method.
While following these steps goes a long way in preventing data breaches, as we learned in recent weeks, it’s impossible to avoid them completely. Knowing this, consider supplementing your records and data protection strategy with a privacy compliance and breach reporting service. It will help your business prevent the loss of personally-identifiable information (PII) and ensure you have a plan in place if a breach occurs.
We hope this blog post offers valuable insight on how to protect your business from data breaches and the impending fallout.
The Data Vault provides data protection and data privacy solutions to businesses in and around Louisville, Kentucky. For more information about our cloud backup services, please call us at 502-443-1752 or complete the form on this page.