The liability issues involved with a breach
will depend on what kind of data the
policy holder has, says Michelle Kisloff,
head of the privacy litigation group for
Hogan Lovells. If the company accepts
payments, think Michaels, Target and
Home Depot, one of the liability issues is
whether or not the company is compliant
with the Payment Card Industry Data Security Standard (PCI DSS). Any business
that accepts credit cards is expected to
comply and if they don’t, the credit card
companies and banks could come after
the store for fraudulent charges.
Another risk involves class action suits,
which Kisloff says are becoming more
prevalent. “There was a class action suit
filed the day the Home Depot breach was
announced,” she explained, “for negli-
gence, breach of standards and failure to
protect personal information.”
A publicly traded company that suf-
fers a breach can face shareholder liability
claims and claims against the board of di-
rectors, which could impact directors and
officers liability coverage. Whether or not
the board failed in its fiduciary responsi-
bility to protect the customers’ informa-
tion becomes a central issue.
After the breach
Once the breach has been identified,
Kisloff outlines five steps each company
1.Activate the incident response team
2. Contain and control the incident. Stop
the breach and once it is over, let customers know it is safe to shop at the
store again. Bring in outside forensic
assistance if necessary to determine the
scope of the breach.
3. Consider whether or not to notify law
enforcement — this can include the
Secret Service, the FBI and the local
district attorney’s office. The decision
usually needs to be made quickly be-
cause of the scope of the breach and the
preservation of evidence.
4. Work with counsel — both internal
and external. This involves evaluating
the legal risks and protecting the data
and evidence that could be part of the
5. Determine if there is a notification obligation — there may be for legal reasons and it is just good business to notify customers before they hear about it
in the news.
The impact of a cyber breach can be
crippling beyond the financial costs
and businesses of all sizes in all industries are vulnerable. How quickly a
company recovers will be determined
by the steps taken way before an attack
One Claim At A Time,
and that will never change.”
-William “Bubba” Ryan, CEO
“Earning Your Trust T
“We Do It Differently.” We do it better and our Insurance
Industry Partners love us for the money we save them and
the service we provide to their satisfied customers.
RYTECH- The Industry Leader in
Water Mitigation & Mold Remediation.
• Centralized Administration/ Call Center.
• IICRC, WRT and ASD certified field
production staff on every job.
• Controlling Severity, from Rapid Response
& Restoration to Cost Containment.
• RYTRAC In-Field Mobile
Communications – Provides
real-time overview to specific claims.