The highly publicized lawsuits against Target stemming from hacked breaches of consumers’ credit and debit card records are just the face of a growing trend in data protection lawsuits. The responsibility of the website today is no longer limited to what is on your website. It also includes private data that is not publicly available.
Have you ever wondered how a spammer got your email address? Often times, it is the result of website hacking and email address theft. That kind of activity is now leading to lawsuits against website owners by consumers who are legitimately demanding that their personal information be protected.
The legal question that arises is: was the website negligent in maintaining, storing and protecting private data?
When a hack occurs, no matter how sophisticated, the answer is likely to almost always be yes. In practice, this is not a standard of “negligence” but of strict liability. If your website is hacked, please assume you face responsibility if user’s private information was compromised.
How to protect yourself
To protect yourself, you can get business insurance. Make sure that specialized insurance covers these types of incidents. If necessary, ask an attorney to review the policy. After a claim arises, many companies are surprised to learn that the exclusions in their policy make it practically illusory.
To minimize potential damage and possibly avoid liability, have a security plan in place and show that something was done to protect user data. This may mean that you are not hosted by Local Bubba’s web hosting company. This may mean keeping the software up to date. This can mean that your web forms and other access points are hardened against attacks. You should use hard-to-hack passwords and usernames.
The bigger the business, the more actions you are expected to take. That doesn’t mean that a small business doesn’t need to do anything. The more important your data is, the more steps you will need to take to protect it. Financial records, like credit cards, are probably more valuable than an email address.
Another liability issue Target has is failing to immediately notify customers of the data breach. When it comes to identity theft, speed can be important to avoid long-term problems. Not only did Target not notify its customers personally, the only notice it issued was on its corporation’s website, and only after a third party disclosed the violation.
It is difficult to imagine a more incompetent reaction and the company will be legally sanctioned. Make sure this doesn’t happen to you too. If a data breach arises, be responsible and quickly take responsibility. There is a saying that grows out of the Nixon days that cover-up is worse than crime. However, the cover-up can be worse than not reporting the crime.
By taking these steps, you may be able to avoid, or at least minimize, your exposure if customer data needs to be hacked from your website.