Court of Appeals Makes Every Business a Target

THE FACTS

The 7th Circuit Court of Appeals reinstated a lawsuit against Neiman Marcus that followed their 2013 breach. In reinstating the suit, the court overturned the precedent that prevented individuals from successfully suing companies following a breach. The precedent, called Clapper, required any person to provide legally sufficient evidence of damages in order to have standing to bring a suit.

In overturning the precedent, the judge stated that that “fear of hackers in the future is not too “speculative” for a day in court.” The judge further stated that "Why else [other than to cause harm] would hackers break into a store's database and steal consumers' private information?"

THE ANALYSIS

It is generally understood that the circumstance that will change the way companies deal with cyber security will be driven by the courts and civil lawsuits. The courts have been consistently frustrated and have begun to try to find a way to create change. Unfortunately, the result may not only be bad for businesses, but take the market in a dangerous direction. If consumers can successfully sue any company that has a breach, the end result may be that every breach becomes a business-ending event.

THE APPLICATION

One of the key factors as to whether a lawsuit will take place and be successful following a breach is whether the company can show that it has acted in good faith and taken reasonable steps to address the issues of data security and privacy. These reasonable steps MUST include having acted ahead of time to implement good security practices, they must be able to prove (in writing) that the program is in place and that it is actively in use. The program must also include provisions for how to deal with situations when things go wrong. The fastest way to be out of business is to sit, wait and hope for the best.

$188,000

average cost of a small business data breach in the US

197 days

time it takes companies to identify a data breach