The article, “Data breach victims could get damages from careless firms” relates strongly to my previous post about what is going on in South Carolina. Until recently, victims who had their private information stolen from a company or government agency had limited options with the legal system and often saw small restitution amounts. With the changing digital landscape though, judges have begun to realize that there is real immediate, and future, harm when ones personal information gets in to the wrong hands. Data theft victims now have the ability to file class action lawsuits, “[making] companies liable for steps taken to prevent financial harm, such as insurance to cover the costs associated with identity theft." According article author Antone Gonsalves, the average settlement per plaintiff in a data breach class action suit is $2500. Add to that an average of $1.2 million in lawyers fees and these lawsuits can get expensive for companies.
This can mean only good things for consumers. The high cost of lawsuits might act as a catalyst, getting IT departments to beef up security and implement more than adequate best practices. Companies will realize that if they do all they can to secure sensitive information, the amount of liability they are responsible for might be far less. A bill pending in Congress might also help along the process of securing private information. The bill would “set a national standard for data breach notification, replacing the variety of state laws that exist today. Introduced in June, the Data Security and Breach Notification Act would also set maximum damages and define what is considered a breach.” The most important thing for all companies and agencies to realize is the fact that it is only a matter of 'when' an attack will occur. As long as a company hosts sensitive data, there will be someone who wants access to it.
No comments:
Post a Comment