The impact of serious data breaches are becoming both more common and more costly for businesses with each major attack. According to the New York State Attorney General, businesses reported 1,300 data breaches in 2016—a 60 percent increase from the prior year—that involved the personal data of 1.6 million New Yorkers.1 Further, a 2016 independent data breach study conducted by the Ponemon Institute estimated that the average cost of a data breach to a U.S. corporation is roughly $7 million, a 29 percent increase since 2013.2 When companies find themselves to be victims of a data breach, they must navigate an ever-expanding minefield of complex reputational, regulatory, and legal challenges. This article focuses on the potential for regulatory and civil liability for corporations in the aftermath of a data breach.
Regulatory Exposure
The recent trend has been for federal regulators, such as the Federal Trade Commission (FTC) and, more recently, the Securities and Exchange Commission (SEC), to treat hacked corporations less like victims and more like potential wrongdoers. This view is especially prevalent where the regulator concludes that the hacked corporation ignored red flags or failed to take appropriate precautions to protect sensitive data from theft. Despite the Trump Administration’s general pro-business posture, federal and state regulators are displaying an increasing interest in being seen as aggressive in this space.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]