Yes, Your Business Can Be Sued the Day after a Data Breach

red text Lawsuit on NewspaperThe recent Equifax breach is a big wake-up call for the business world; organizations large and small must get serious about data security. While companies that suffer a data breach are likely to be sued, a recent ruling makes it easier and faster to file a class-action lawsuit. In this blog post, we discuss the details of the ruling and how you can protect your business.

A Court Ruling with Far Reaching Implications

Only a few weeks ago, the fast food chain, Sonic, acknowledged a breach affecting an unknown number of store payment systems. Although this breach was similar the rash of high-profile corporate data breaches this year, the initial response to the breach couldn’t have been more different. The day after the breach was reported, a class action lawsuit was filed against Sonic.

The reason Sonic was sued so quickly after the breach was due to a recent appellate court ruling. This ruling allowed a civil action suit against a healthcare entity that fell victim to a database hack affecting 1.1 million people to proceed because the judge ruled that the theft of personal information, health care records or other confidential information created harm through the risk of identity theft. Previously, the suit had been thrown out because, although the victims’ information was at risk, they could prove no actual harm. This recent ruling establishes that harm also includes the risk of identity theft, even if no such theft occurs.

Protecting Your Data

This landmark ruling impacts your business. If your company experiences unauthorized access to its documents and data, it can be sued immediately, even if no identity theft or fraud has yet occurred. This is why having a data breach prevention strategy is crucial. Start by taking the following steps:

  1. Know what information you have and where it’s located
  2. Identify potential risks
  3. Establish physical security measures
  4. Implement a privacy training program for your staff

It’s also important to follow breach reporting and consumer notification rules and regulations, whether the breach is actual or suspected, and regardless of the size of your business or how many records may have been compromised. A breach reporting service helps your company fulfill its mandated requirement to comply with federal, state and other laws to report the loss of personally-identifiable information (PII) to authorities and notify affected individuals.

While it’s impossible to prevent data breaches entirely, using these strategies can help your company stay ahead of the curve.

Richards & Richards offers records and information management services for businesses throughout Nashville. For more information, please contact us at 615-242-9600 or complete the form on this page.