Skip to main content

Data Breaches Happen

It’s not always someone’s fault when private information goes rogue

“One of the most common misconceptions on data privacy with respect to the new internet of things,” states Irvine employment attorney Usama Kahf, “is that if a data breach occurs, there must be liability against somebody. But you know what? Data breaches happen to the best of us, they happen even if you do everything right and take every precaution technologically feasible; it still happens.”

Best practices on implementing security measures can vary based on the size of the company, available resources, the particular industry, and even location. Kahf represents companies looking to protect their data, as well as wanting to do everything they can to prevent a breach of information they keep on behalf of clients and customers. Preventing a data breach is essential to any business utilizing technology to store customer information, but efforts can range from relatively simple to sophisticated—and costly.

“If things like this go to court, it’s usually a battle of the experts as to what’s considered best practice,” he says. “What’s best practice for a small mom-and-pop shop in a small town versus a multinational company in a metropolitan area? It’s going to be a different standard based on circumstances.”

No matter his client’s size, Kahf recommends they undergo an external independent audit of their data security—emphasis on independent. It’s essential this review be undertaken by an IT specialist who isn’t part of the company, and with whom there is not a prior working relationship, so as to constitute a credible assessment that will hold up under later scrutiny if something goes wrong. Kahf emphasizes that even smaller companies, with fewer than 25 employees, should undertake this precaution regularly—though some businesses are more at risk than others, such as medical or financial firms. For most companies, he recommends a security audit at least every three years.

But even with best efforts, data breaches do occur. What then? Kahf advises his clients on managing circumstances upon discovery of said breach. This will initially entail notifying those who may have been affected, and then fielding their calls, which can be challenging.

“People are understandably angry when their private data has been breached, but what most people don’t know is that there is no absolute liability for data breach,” Kahf explains. Liability is assessed based on whether the company subject to the breach failed to take reasonable steps under the circumstances to protect the information. “Mistakes can happen to the best of us, but as long as you did everything in your power to try to prevent it, and it happened anyway, that’s OK,” Kahf adds. “Then you would be judged on your post-breach actions. Even though it’s not your fault, you still have to take certain actions to try to remedy or mitigate harm.”

Even in our personal lives, we’re all at risk for disclosure of our private data. Does Kahf have any advice? “I recommend that people be more vigilant. Some people are less careful with their data than others. For example, I don’t think you should ever have a public Facebook profile, unless you need one for business purposes. Even a private one can still get hacked. But the public one is a source of information for people who want to hack your data. They’ll learn all sorts of things about you, like your cat’s name, your child’s name, your birthday, things they’ll plug into their algorithms to figure out what your passwords are. I think people just need to be more vigilant who they share their data with and what they do online.”

If your firm or business is responsible for others’ private data, be sure that you are doing all you can to protect it. Talk to a data privacy attorney about what steps you should take to prevent data breach and shield your business from possible data breach liability. 

Other Featured Articles

Business/Corporate Icon Business/Corporate

What Can Be Done About Ransomware Attacks?

Legal advice from New York data security attorneys

Business/Corporate Icon Business/Corporate

When to Consider Mediation in a Business Dispute

Getting the skinny from alternative dispute resolution specialists

Business/Corporate Icon Business/Corporate

The Care and Feeding of Nonprofits

How to start and nurture one in Northern California

View More Business & Corporate Articles »

Page Generated: 0.21199512481689 sec