Data Breach

Who is Liable in a Data Breach

In the customer-business relationship, there are few things more important than security. Unfortunately, in recent years, data breaches have become an ever-increasing threat. We’ve previously detailed just how common these attacks are becoming on our website. And it’s no wonder why – Data is extremely valuable. As a result, hackers are becoming more resourceful and hard to handle. The field is growing as fast as the cybersecurity field. As a result, there’s no way to protect yourself completely. Sometimes, the worst can happen… A data breach.

If you find yourself the victim of a cyber attack, who is liable for damages caused by the attack?

How Safe is Your Data?

Ultimately, it depends on how it’s stored. As information storage technology relies more and more on cloud-based services, it’s becoming harder and harder to protect. In the cloud model, there are usually three different parties involved in the storage:

Data Holder – This is the cloud service operator or provider who runs a cloud service. They provide storage space to companies that rely on cloud services. Think of services like Cloudflare or Amazon AWS.
Data Owner – This is you as a business. You provide customers with a service that utilizes the cloud provider’s services.
End-User – This is the customer that uses your services. You store their data on the data holder’s cloud service.

Every cloud service will tell you that it has top-notch security. However, the cloud is not immune to data breaches. To make matters worse, most cloud services are very opaque in how they operate. This can make accountability and trust hard to come by. Large-scale data breaches like the Yahoo! and Alibaba security breaches demonstrate how nobody is completely safe.

If a service is compromised, you no longer have direct control over your data’s security.

Data Breach – Who is Liable Here?

In the event of a data breach, liability is still an evolving field. However, in general, it is the data owner who is liable. If a data breach results in losses (damages) for your customers, you may be held liable. This is true even if the breach is due to negligence or fault of the data holder. This is because damages from the data holder are considered consequential damages. As such, these liabilities are inapplicable to the data holder.

If your data isn’t stored on a third-party service but rather in a traditional way on systems you control, you are liable. This is because you control the data and its storage. Similarly, it is your responsibility to ensure data is secure even in the case of a data breach. Other cases may impose liability on you. Generally, these all require proof of negligence, but you may also be liable in the event you have certain agreements.

Why This Matters

Data that stores customer information is incredibly sensitive. No matter how secure the cloud may be, data breaches can happen. Be aware of how you store data, especially how you access it. Visit our website to learn how criminals access this data. There are a wide variety of tricks they employ.

You and your employees must know the dangers to protect you from liability. At Arruda Group, we’ll develop training programs to empower your business. So contact us today and let us show you the ways we can help.