
Data Breach Lawsuits: How Effective Are They Really?
Posted on Monday, November 21st, 2016 by

Did you know that 83 class actions were filed in the United States in 2015 following a data breach?

 

Settlements of these lawsuits can involve millions of dollars and are certain to increase in the future. Sony PlayStation Network settled a class action lawsuit for $15 million after a data breach exposed 500 million customer names and addresses, login credentials and encrypted credit card numbers.

However, legal costs involve more than settlement amounts. The costs include attorney’s fees, fines, notification costs, credit card reissuing, identity theft repair and credit monitoring costs.

Organizations have to navigate through a complex web of legislation covering various approaches, such as system protection, data protection and proprietary information protection. In this context, the legal framework includes laws with extraterritorial application, privacy laws, information security laws, data breach notification laws, intelligence sharing laws and treaties in addition to contractual obligations.

 

Related webinar: “The Developing World of Cyber Litigation and Compliance”.

 

Aside from consumer or employee class action lawsuits, organizations are also exposed to shareholders’ derivative suits, securities fraud class actions and enforcement actions by governmental agencies. These may include the Department of Justice, the Securities and Exchange Commission, the Federal Trade Commission, the Office of the Privacy Commissioner and industry-based regulators such as the Federal Communications Commission and the U.S. Department of Health & Human Services, which applies the HIPAA regulation.

Most regulations share the concept of reasonableness, according to which cybersecurity has to be reasonable. This is both a legal requirement and a defense to lawsuits, but what does it mean? The answer to this question is often challenging for businesses, which question whether compliance itself is sufficient to avoid liability.

The evolving world of cyber litigation is also particularly concerning for small to mid-sized organizations, which are the most vulnerable to the fallout of a lawsuit and which, in most cases, do not have cyber insurance. The recent inclination to name directors in lawsuits is creating new, overwhelming responsibilities for executives to be conscious of their decisions with regard to information security. Even when legal action is dropped and lawsuits are dismissed, these smaller businesses and their executives incur substantial costs, brand damage and often personal blame for the breach. Organizations must take the consequences seriously and be aware of the legal context within which they must make their cybersecurity decisions.

Join our webinar where I explain the legal landscape and the concept of ‘reasonable’ cybersecurity. The webinar features real-life examples and case studies to help attendees understand exactly what constitutes reasonable cybersecurity for their business and how to effectively achieve this purpose in a given time frame. Click below to access it:

The World of Cyber Litigation and Compliance

Vanessa Henri
About author:
Vanessa is an academic and legal expert on data protection laws, as well as a certified data protection officer. Currently, Vanessa is Hitachi Systems Security’s Director of Legal and Compliance as well as Data Protection Officer. She oversees the performance of privacy advisory services by Hitachi Systems Security to its clientele, including services such as GDPR Posture Assessments. She advises boards of directors at the macro-strategic level on the implementation of privacy obligations through efficient reporting systems. She has published a variety of data privacy-related materials and has contributed as a speaker to various conferences about data protection laws, such as Code Blue, in Tokyo. Vanessa is a member of the Quebec Bar Association, and holds a master’s in laws from McGill University. She also teaches corporate cybersecurity practices at St Thomas University, in Miami, Florida. She is a certified Data Protection Officer.
