800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Nightmare Lawsuit against App Developers Probably Costing Boatloads

Nightmare Lawsuit against App Developers Probably Costing Boatloads

After two years of litigation, app developers are still nowhere near the end of a data privacy lawsuit. Find out how to protect your company from lawsuits.

Friday, September 05, 2014/Categories: data-privacy

MediaPost reports on a class-action lawsuit against app developers that has been going on for over two years after a number of big-name Internet companies downloaded iPhone users' address books onto their servers. The lawsuit has dragged on for so long because it's not clear whether users had actually given the apps permission to take their data.

Here's what happened.

Twitter, Electronic Arts, Yelp, and other app-making companies included a feature in their mobile app that allowed users to "find their friends." For this function to work, the app had to access a user's address book. But app makers actually downloaded the contact data and stored it on their servers. Users claimed they only gave permission for the app to access their data, not to keep a copy of it.

This small ambiguity has led to an exhausting legal battle with no end in sight. To start with, there are three things IT professionals should take away from this debacle:

  1. Privacy policies must be explicitly clear about what a company is doing with user data. (See this week's post, “AOL's New Privacy Policy More of a No-Privacy Policy,” for more on what goes into a privacy policy.)
  2. Courts have a tough time deciding on IT and data security issues because there aren't many precedents.
  3. The use and storing of customer data always comes with risk (e.g., disputes about privacy and unclear business practices).

To get a better understanding of developer liability and IT risk, let's take a closer look at how this lawsuit evolved.

Why IT Lawsuits Can Last Years and Cost Hundreds of Thousands of Dollars

It's no secret that tech lawsuits are expensive, but many small-business owners don't realize how long they can last. The lawsuit we discussed above has been going on for two years, and it’s still not close to a resolution. That's because...

  • Data breaches affect a lot of people. Data privacy and data breach lawsuits often earn "class-action" status. This is a legal term for when a number of individual lawsuits against your company combine into one joint complaint.
  • Class-action lawsuits take a long time to sort out. A data privacy or breach lawsuit involves hundreds or thousands of individual users. Each can file a lawsuit against the company that misused their data. After a few lawsuits are filed, the case can earn class-action status, which will cause it to snowball as more and more people sign up.

Imagine paying lawyer fees for years of work. Lawyers charge hundreds of dollars per hour, which means that the legal fees for a case like this will easily reach six figures – and that cost doesn't include any of the damages the app makers might have to pay consumers.

And a lawsuit with hundreds or thousands of plaintiffs can be one of the most expensive and complicated. Even after the judge issues a verdict, individuals can refuse the settlement and opt to seek more damages in another lawsuit.

The takeaway: handling data exposes you to massive amounts of risk, which can complicate and prolong any lawsuit filed against your business.

Shielding Your Business from Uncertainty

After reading about this lawsuit, your first reaction might be, "Well, these companies were dumb not to inform their customers that they were downloading their address books." Fair enough. But there's a lot more gray area than you may realize.

For instance, Twitter claims that having the user's contact data on their servers made it easier for the company to find the user's associates. The fact that so many companies used this same practice suggests that there was a technical advantage (as well as a marketing one) to keeping user data on their servers.

Every IT business is going to face these kinds of risks. You might be following the example set by dozens of other tech companies when you store or collect user data. But none of that will matter if you're sued.

That's why it's best to have a strategy that plans for uncertainty and ambiguity. IT professionals should…

  1. Be as transparent as possible in their privacy policy and user agreement.
  2. Invest in Professional Liability Insurance that will cover IT lawsuits (fill out our online application for free quotes).
  3. Keep up-to-date with new laws, court rulings, and IT liability issues.

For more information on IT insurance, see our sample insurance quotes for estimates on a range of policies.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews

Categories

The Small Business Insurance Leader