QUILES LAW
  • Home
  • attorneys
    • Roger R. Quiles
    • Patrick P. Hankins
  • Servicing
    • Players & Coaches
    • Teams & Organizations >
      • Ebook
    • Content Creators
    • Businesses
    • Investors
  • Featured In
  • Resources
  • Blog
  • Contact

Blog

FOUR WAYS TO LIMIT LIABILITY FROM A CYBER SECURITY BREACH

12/18/2014

0 Comments

 
On November 24, 2014, Sony Pictures Entertainment became aware that its company's computer systems had been hacked by a group known as the "Guardians of Peace." In the following weeks, Sony had five of its movies (four of which had not yet been released in theaters) uploaded to file-sharing websites, personal emails from company executives criticizing public figures published, and the confidential medical records of employees released, Additionally, the company received a terror threat surrounding the premiere of The Interview, starring James Franco and Seth Rogen. 

Subsequently, Sony cancelled the release of The Interview. (At the time of this writing, the hack has been linked to North Korea, whose government disapproved of the films ending). The full extent of the confidential and personal information obtained about Sony employees is unknown. A full timeline of the hack's aftermath can be found here.

Sony Pictures Entertainment's security breach highlights the increasing importance of a business' cyber security in today's world. Such a cyber attack exposes a business to immense liability concerns. In fact, a class action lawsuit has already been filed on behalf of 15,000 Sony employees who had private information (such as social security numbers) released. A particularly scathing IT assessment conducted by Sony several months prior to the hacking is likely to play a central role in that litigation, as it is arguably evidence of the company's knowledge of cyber security weaknesses. So what can businesses do to protect themselves against some of the legal backlash from such attacks?

  1. Have a cyber security system- It goes without saying, but having some cyber security system in place is better than no system at all. Ideally, the system's strength will be directly proportionate to the sensitivity of the information the business stores. That is why certain industries (like the financial and medical industries) have statutory security  measures which must be complied with. Simply put, Congress did not want to allow businesses in those industries to cut corners, as complex cyber security systems can be expensive. Aside from those industries, most businesses hold sensitive information such as credit card data which must be secured. Last year, Target was hacked and some 40,000,000 customers' credit card information were stolen. By having a system in place in the event of a security breach and subsequent lawsuit, a business can argue that it took reasonably necessary measures to secure its sensitive data in order to limit or avoid liability. 
  2. Routinely test the cyber security system- This goes hand in hand with the first point, because what good is having a cyber security system if it becomes ineffective. Unfortunately, it can happen. As hardware and software are updated, as they should be regularly, vulnerabilities can become exposed which were once previously hidden. Therefore, its imperative for a business to test its cyber security system regularly. Failure to do so may constitute evidence of not taking the reasonably necessary measures to protect sensitive information.
  3. Determine the length of time that sensitive data will be stored- Sensitive data doesn't need to be held on to forever.  Some industries, particularly finance, are regulated in terms of how long they must retain specific data. Understandably, many businesses  in other industries retain some data for client convenience (i.e. saved credit card information). However, any stored sensitive data is also a potential liability. A business should weigh its liability risk for retaining certain data with the data's necessity. 
  4. Disclose the breach- The vast majority of states require that a business disclose a security breach that involves the loss of personally identifiable information (social security numbers, drivers license info, etc.). From a legal standpoint, once a business has such a security breach, one of the worst things it can do is not disclose the breach to the mandated entity/agency/persons. This may include disclosure to more than just the persons potentially affected by the breach. By failing to disclose the breach, a business is statutorily incurring liability in addition to its existing and potentially large amount of liability resulting from the breach. Take a look at this site for links to the 47 State security breach disclosure laws.

Following these four suggestions will aid a business in limiting its liability should a security breach occur. Hopefully, your business is never breached like Sony Pictures Entertainment was.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Quiles Law is an esports and content creator law firm headquartered in New York City, representing a global clientele.

      Newsletter sign up

    Subscribe

      Questions?

    Submit

    Archives

    June 2022
    October 2021
    July 2021
    June 2021
    November 2020
    March 2020
    February 2020
    November 2019
    August 2019
    July 2019
    June 2019
    May 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    November 2017
    October 2017
    September 2017
    July 2017
    June 2017
    March 2017
    February 2017
    November 2015
    October 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014

    Categories

    All
    Aereo
    Ambush
    Apps
    Athletes
    Athletes Rights
    Basics
    Betting
    Bitcoin
    Blizzard
    Blog
    Burnout
    Business
    Business Formation
    Business Law
    Business Policies
    Call Of Duty
    CBA
    C Corporations
    Checklist
    College
    Constitution And Bylaws
    Content Creators
    Contract
    Contracts
    Copyright
    Corporate Law
    Corporations
    Criminal
    Crowdfunding
    Defamation
    Department Of Labor
    Discipline
    DMCA
    Donald Sterling
    Do's And Don'ts
    Due Diligence
    Employment
    Endorsements
    Equity
    Escape Clause
    Esports
    Exclusivity
    Fines
    Ftc
    Gambling
    How To
    Immigration
    Independent Contractors
    Influencer
    Info
    Infringement
    Insurance
    Intellectual Property
    Internet
    Interns
    Investment
    Ipad
    Lawsuit
    Leagues
    Legislation
    Liability
    Libel
    Licensing
    Litigation
    LLC
    Loans
    M&a
    Marketing
    Media
    Minors
    Mlb
    MLG
    Morals Clause
    Nba
    Ncaa
    Nda
    Negotiation
    New York
    Nfl
    Nintendo
    Non-disclosure Agreement
    Owners
    PEDs
    Players
    Privacy
    Pro Gaming
    Quora
    Regulation
    Representation
    Rules
    Sales
    S Corporations
    Small Business
    Social Media
    Sole Proprietor
    Sponsorships
    Sports
    Sports Agents
    Sports Business
    Sports Law
    Startups
    Streamers
    Substance Abuse
    Sue
    Supreme Court
    Swatting
    Tax
    Teams
    Tech
    Tortious Interference
    Trademark
    UAAA
    UK
    Video
    Video Games
    Virtual Currency
    Visa
    Website
    Wellness
    Yelp
    Youtube

    RSS Feed

    Contact
1177 Avenue of the Americas
Fifth Floor
​New York, NY 10036

(P) (917) 477-7942
(F) (917) 791-9782
Attorney Advertising. The information presented in this site should not be construed to be formal legal advice nor  is it intended to form any attorney/client relationship. Our attorneys are licensed to practice law in the States of New York, New Jersey, Texas and Wisconsin. Copyright Quiles Law, 2022. All rights reserved.
  • Home
  • attorneys
    • Roger R. Quiles
    • Patrick P. Hankins
  • Servicing
    • Players & Coaches
    • Teams & Organizations >
      • Ebook
    • Content Creators
    • Businesses
    • Investors
  • Featured In
  • Resources
  • Blog
  • Contact