Data breaches are everywhere.
Go to your favorite news site, tune in to the national news on TV, or simply Google it – you’ll find thousands of results breaking down breaches from phishing attacks, employee negligence, or a host of other brute-force methods. Attacks are happening with greater frequency and complexity, raising more questions than can be answered.
One of the main questions that business owners should ask is this: “Am I liable for a data breach that happens within my business, even if it’s not directly the fault of my business?”
The short and simple answer is “probably,” though regulations vary from state to state.
Your clients, customers, and users expect your business to protect the data they have entrusted to you, be that as basic as names and addresses or as personal as Social Security numbers and banking information. Even if a vendor you hire to work for you is at fault, your business is the company of record. Remember, the Target breach of 2013 came about due to a hacker stealing credentials from a third-party vendor. Nobody remembers the name of the vendor, and the fines were levied against Target for the breach. Even more recently, Capital One fell victim to a breach by a former employee of a third-party vendor.