Data security breaches clearly pose a significant risk to organizations that collect or maintain customers’ personally identifying information in electronic format. Unfortunately, too many organizations do not fully understand the risk.
Here is confirmation that a data security breach can be a huge problem.
700 Approximate number of Barnes & Noble locations nationwide
63 Number of locations with tampered credit and debit card PIN pad devices
3 Number of days before a federal class-action lawsuit was filed
THREE whole days before any action was taken!!!
Although federal or state law may require a business to notify those affected by a data security breach, can that business also be held liable to individuals who had their identities stolen because of the breach? The Eleventh Circuit Court recently joined other courts in holding that a business may be liable to an individual if there is a sufficient link between the data security breach and the identity theft.
Though bare allegations of time and sequence are usually insufficient, the Court held that a link between a breach and identity theft can be established by showing that:
- The individual gave the business his personal information.
- The personal information used to steal the individual’s identity was the same information lost in the breach.
- The identity fraud incidents began within a reasonable period of time after the breach.
- The individual had not previously suffered any such incidents of identity theft.
Under these facts, the Court held that the individuals have sufficiently stated a claim for damages and that their lawsuit could proceed. This means that the business is likely in for a long and expensive legal battle.
Since it is impossible to eliminate the risk of a data security breach, insurance should be used to limit it.
Various insurance products protect against privacy injuries resulting from security breaches, such as identity theft. Insurance may also help cover the often substantial cost of complying with security breach notice laws. Given the variety and complexity of these products, an experienced insurance agent should be consulted to ensure that proper coverage is obtained and that no gaps remain.
If you would like to learn more about insuring against data security breaches, contact us .