MediaPost reports on a class-action lawsuit against app developers that has been going on for over two years after a number of big-name Internet companies downloaded iPhone users' address books onto their servers. The lawsuit has dragged on for so long because it's not clear whether users had actually given the apps permission to take their data.
Here's what happened.
Twitter, Electronic Arts, Yelp, and other app-making companies included a feature in their mobile app that allowed users to "find their friends." For this function to work, the app had to access a user's address book. But app makers actually downloaded the contact data and stored it on their servers. Users claimed they only gave permission for the app to access their data, not to keep a copy of it.
This small ambiguity has led to an exhausting legal battle with no end in sight. To start with, there are three things IT professionals should take away from this debacle:
- Courts have a tough time deciding on IT and data security issues because there aren't many precedents.
- The use and storing of customer data always comes with risk (e.g., disputes about privacy and unclear business practices).
To get a better understanding of developer liability and IT risk, let's take a closer look at how this lawsuit evolved.
Why IT Lawsuits Can Last Years and Cost Hundreds of Thousands of Dollars
It's no secret that tech lawsuits are expensive, but many small-business owners don't realize how long they can last. The lawsuit we discussed above has been going on for two years, and it’s still not close to a resolution. That's because...
- Data breaches affect a lot of people. Data privacy and data breach lawsuits often earn "class-action" status. This is a legal term for when a number of individual lawsuits against your company combine into one joint complaint.
- Class-action lawsuits take a long time to sort out. A data privacy or breach lawsuit involves hundreds or thousands of individual users. Each can file a lawsuit against the company that misused their data. After a few lawsuits are filed, the case can earn class-action status, which will cause it to snowball as more and more people sign up.
Imagine paying lawyer fees for years of work. Lawyers charge hundreds of dollars per hour, which means that the legal fees for a case like this will easily reach six figures – and that cost doesn't include any of the damages the app makers might have to pay consumers.
And a lawsuit with hundreds or thousands of plaintiffs can be one of the most expensive and complicated. Even after the judge issues a verdict, individuals can refuse the settlement and opt to seek more damages in another lawsuit.
The takeaway: handling data exposes you to massive amounts of risk, which can complicate and prolong any lawsuit filed against your business.
Shielding Your Business from Uncertainty
After reading about this lawsuit, your first reaction might be, "Well, these companies were dumb not to inform their customers that they were downloading their address books." Fair enough. But there's a lot more gray area than you may realize.
For instance, Twitter claims that having the user's contact data on their servers made it easier for the company to find the user's associates. The fact that so many companies used this same practice suggests that there was a technical advantage (as well as a marketing one) to keeping user data on their servers.
Every IT business is going to face these kinds of risks. You might be following the example set by dozens of other tech companies when you store or collect user data. But none of that will matter if you're sued.
That's why it's best to have a strategy that plans for uncertainty and ambiguity. IT professionals should…
- Invest in Professional Liability Insurance that will cover IT lawsuits (fill out our online application for free quotes).
- Keep up-to-date with new laws, court rulings, and IT liability issues.
For more information on IT insurance, see our sample insurance quotes for estimates on a range of policies.