According Insurance Journal, only one day after Home Depot acknowledged that a data breach had exposed millions of its customers' credit and debit card information, a customer had already filed a lawsuit and was seeking class-action status. Kelsey O'Brien, who is suing Home Depot for damages, claims the company didn’t properly secure his data.
This raises a number of questions we can explore about data breaches and how IT liability is changing. In this article, we'll go over…
- What legal obligations you need to fulfill to avoid blame for a data breach.
- Why data breach lawsuits are becoming the norm.
- How you can cover the cost of a data breach lawsuit.
What Can You Do to Prevent a Data Breach Lawsuit?
Unfortunately, there's no protocol you can follow that will completely protect your clients' data and rid you of liability. That's just not how IT works.
Each decision made about a client's data security is a tradeoff. Clients choose between options that have varying degrees of functionality, cost, and security. While clients may want top of the line security, usually they won't have the resources for it. Your job as an IT consultant is to find IT solutions that are…
- Compatible with your client's budget.
- Easy to use.
But because you're always compromising, you'll always be exposed to risk.
For instance, many of the recent cyber attacks have occurred on retail point-of-sale (POS) systems, which are often out-of-date. Businesses don't want to spend the money to upgrade.
You might think a client’s refusal to upgrade their hardware absolves you of liability. But it doesn't. When a POS system is hacked, it's often because the hackers have found a way to install malware on the client's network. Undoubtedly, at some point in the attack, a hacker has penetrated a layer of security that was installed by the company's IT guy. This is more than enough to make you liable.
Data Breach Lawsuits: The Fast and the Furious (and Sometimes Spurious)
Kelsey O'Brien's lawsuit against Home Depot is part of a general trend we've seen: as data breaches become more common, customers are quickly learning that they can file lawsuits immediately after a breach. Consider the Target data breach. Lawsuits sprouted up across the country mere days after the Christmas-time hack.
Not only are data breaches becoming more common, but the risk of lawsuit for IT companies is also growing. In fact, a recent court ruling has opened the doors for more and more data breach lawsuits.
A federal court in Florida ruled that a business had to pay financial damages for a data breach, even when its customers were not actually the victims of identity theft. As part of this ruling, the Florida insurance company AvMed has to pay $3 million in damages (see our write-up in "$3 Million Settlement Paves the Way for Non-Identity Theft Data Breach Awards").
It means lawsuits are coming faster, and your liability has now expanded to include non-identity theft cases.
Covering the Financial Risks of a Data Breach
If you read all the data breach news of increased IT liability, it can get discouraging. But there is some good news. Errors and Omissions Insurance (sometimes called Professional Liability Insurance) covers IT professionals for lawsuits over their work, which includes client data breach lawsuits.
If you have E&O Insurance, your coverage can pay for…
- Lawyer fees.
- Other court costs, such as docket fees, witness fees, and more.
- Damages you may owe a client.
E&O Insurance offers IT consultants financial security. Even if you're sued, your insurance can cover your legal costs.
Need a quote for Errors and Omissions Insurance? Fill out an online insurance application for IT consultants. A TechInsurance agent will customize insurance quotes for your business and email them to you ASAP.