Editors’ Note: The following is an excerpt from an article published by SearchSecurity. To read the full article, click here. Registration required.
A data breach is a business crisis that can have enduring ramifications. While the discovery of a breach can initiate a drill — investigating what happened, remediating the security gaps, engaging law enforcement, and complying with state and federal notification laws — following these steps carefully and thoroughly might not be the end of a company’s headaches. Any company dealing with a data breach also needs to be concerned about follow-on litigation.
While litigation can come in the form of defending against a government enforcement suit, it can also come in the form of private actions against employees, consumers or third parties. This article provides an overview of the kinds of data breach litigation companies have faced, what legal theories have been used and what defenses might be employed.
First, who sues? Consumers, financial institutions and third parties that have contracts with the companies maintaining personal confidential information or patient health information are the prime candidates. While it might seem obvious that consumers will sue, it is becoming increasingly common to see financial institutions — banks and credit unions that have to issue new credit cards or reimburse consumers — filing class actions lawsuits to recoup their alleged costs and lost business.
Read the remainder here.