Digital data is everywhere and nowhere. You have hundreds of personal messages, not to mention thousands of advertisements and receipts, stored on your smartphone. You can easily find them just by searching for a keyword, except when a document you were sure you had proves more elusive than you expected, and you spend an entire day searching for it in vain. Ideally, data should be easy for the right people to find and difficult for the wrong people to find, but this is a difficult balance to strike. We have all read news stories about people facing criminal charges for identity theft after they caused one or more consumers to suffer financial losses and need to rebuild their creditworthiness from scratch.
Data breaches at places of employment can lead to theft of financial data. Even if no one gets charges for financial crime as a result of the data breach, the company that failed to implement adequate data security measures to prevent the breach can be liable in a civil lawsuit. The data breach lawyers at HKM in Huntsville can help you if employees or customers suffer financial losses as a result of stolen data arising from a data security breach at your place of employment.
Everyone is Vulnerable to Data Breaches in the Digital Age
The theft of credit card numbers or bank account numbers can occur in many ways. The most low-tech ones involve an employee writing down customers’ credit numbers surreptitiously or using his or her smartphone to photograph papers or computer screens that show customers’ payment details. Credit card skimming devices can do this on a somewhat larger scale. All of these methods pale in comparison to data breaches, though.
A data breach occurs when a hacker illegally gains access to a device where a company has stored confidential identification or financial information. For example, the computers at a workplace might store the bank account numbers where they automatically debit customers’ accounts for recurring payments or where they deposit the paychecks of employees who have enrolled in direct deposit. Because devices at the same workplace are often linked to each other through an intranet, the hackers might be able to access the company’s entire network simply by breaching one device in the network. When this happens, they can steal the financial details of thousands of people, including customers, employees, and vendors.
Who is Responsible for Data Breaches?
The simple answer is that cybercriminals are the ones who commit data breaches. Of course, everyone who has ever used a work computer knows that there are people and bots out there trying to steal people’s payment information; data security is a basic part of using a computer. Companies that store payment information on behalf of customer employees have a legal duty to protect the data that they store on their devices from preventable threats such as data breaches. In the terminology of tort law, companies have a duty of care to prevent data breaches of their devices.
It is possible that a single employee can enable the data breach, such as by leaving his or her computer unattended while confidential information is visible, but such cases are the exception to the rule; if this happens, the employee could face criminal charges for conspiracy for his or her role in the data breach. More likely, though, the company’s entire data security strategy is insufficient to keep up with current data breach threats, and therefore ,the company is legally responsible for the breach, in the sense that it is responsible for compensating people whose data got stolen.
How to Prevent Data Breaches
The technologies for stealing confidential data are always evolving, and so are the technologies for protecting a company’s computer networks from data breaches and the theft of data. The biggest companies should hire in-house cybersecurity teams to monitor the company’s data infrastructure, repel threats before the company can suffer a data breach, and update its practices to keep up with evolving technologies. Small businesses do not have the resources to employ a cybersecurity staff on a full-time basis. They can, however, engage the services of data security consulting firms. Businesses should have cybersecurity firms assess their networks for data breach vulnerabilities at least once per year and address any weaknesses or threats that they detect.
If your company has not consulted cybersecurity experts about protecting your networks from data breaches, it should do so promptly. It should also follow these other best practices for preventing data breaches:
- Using cloud storage to keep files that include financial data instead of storing these files on hardware that hackers can breach more easily
- Installing patches for malware attacks whenever these patches become available
- Requiring two-factor authentication for employees to access company devices
- Requiring employees to change their passwords several times per year
- Setting high standards for password strength, such as requiring a combination of letters, numbers, and special characters and not allowing words found in English dictionaries or common personal names as part of passwords
- Requiring employees to answer security questions after entering their passwords
Data Breach Lawsuits
Employees and customers whose data gets stolen because of a corporate data breach have the right to file a lawsuit against the company that suffered the data breach. Failure to prevent a data breach constitutes negligence if the plaintiffs can prove that the data breach was preventable. Plaintiffs who prevail in a data breach lawsuit can recover compensation in the amount of the financial losses they incurred as a direct result of the data breach. The Huntsville data breach lawyers at HKM Employment Attorneys, LLP, have represented plaintiffs in class action lawsuits against large companies that failed to protect their employees’ data from data breaches.
Lawyers for Data Breaches
The Huntsville employment lawyers at HKM Employment Attorneys, LLP, can help you if you are an employee or a customer who suffered financial losses because of a corporate data breach. Contact our office in Huntsville, Alabama, to set up a consultation.
