Data Breaches: Lawsuits & Liability

Instructor: Kaitlin Oglesby
With so many people's information at stake, you may think that companies open themselves up to a lawsuit anytime there is a data breach. In reality, there are a number of steps that can reduce liability.

Data Breaches and the Law

The amount of valuable information that is held by companies increases with every passing day. If you think that we're just talking about the secret recipe to the best-selling cookies, then you are sadly mistaken. Instead, many companies have gotten into the habit of holding onto information of their customers. For some companies, like health insurers or hospitals, this means plenty of very sensitive information that is required by law to be kept private. For many others, credit card and other payment information is kept on file for years.

That's all fine and good until someone does something that they are not supposed to do. In that case, we have a data breach, and the results can be disastrous. Not too long ago, retailer Home Depot had to pay an almost 20 million dollar settlement to end a class action lawsuit about a data breach that affected almost 50 million customers. From those numbers we can actually learn a great deal about how data breaches are treated under the law.

Who is Liable?

It is common advice in the information world that if you suspect a data breach, one of the first calls should be to the company lawyer. This way, the chance of a company being held liable for any costs is reduced. In doing so, companies can reduce their liability by acting quickly. Remember, the real harm from a data breach comes not from the breach itself, but from what follows. Therefore, if a company can prove that it acted in the customer's best interests, then as long as there are not any other mitigating circumstances, a company may emerge without a lawsuit. To do that, a company must be sure to release information about the data breach as quickly to the owners of the data as possible, while at the same time not accepting responsibility for the mishap. Of course, being able to prove that the company had adequate data protection procedures in place will further help to reduce liability.

The Legal Question

Very likely, however, if a company has a data breach, it very well may be sued. It may be by the clients, or it may be by the banks that suddenly have to refund any fraudulent charges. Again, the faster a firm acts, the less painful these suits will be. In the aforementioned example of Home Depot, the lawsuit was settled for 20 million dollars, but the total cost to Home Depot was more like $160 million. This is because the company had to perform a great deal of work outside of just paying people for damages. There were strong suspicions that Home Depot had not been as mindful of data as it could have been.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account