Orange County Branch Newsletter
Law and CE News
Cyber Liability: Is Your Firm at Risk?
Cyber Liability is one of the fastest growing areas of risk that most businesses are not equipped to handle. During the 2013 holiday season, hackers gained access to Target’s computer systems compromising the personal financial information of approximately 70 million customers. Not surprisingly, financial institutions and consumers initiated litigation against Target as a result of this breach, which is continuing today.
While potential liability to design professional firms from data breaches may not be immediately apparent, one does not have to be a financial institution or retailer to have liability exposure from data breaches. Design professionals regularly gain access to confidential information from clients and often times have contractual obligations to safeguard that information. Understanding the areas where liability may arise and ensuring your firm is adequately prepared and protected is crucial to the future of your business.
An Evolving Area of Law
Understanding cyber liability exposure has evolved rapidly across the country as courts are faced with an increasing number of lawsuits. These cases often involve complicated, highly-technical facts and plaintiffs have used a number of different approaches to recover for these incidents. The California Customer Records Act (Civil Code §§ 1798.80, et seq.) requires businesses that own or license personal information to implement and maintain reasonable security measures and practices appropriate to the nature of the information maintained. Specifically, the information must be protected from unauthorized access, destruction, use, modification, or disclosure. In addition, any security breach must be disclosed in the most expedient time possible and without unreasonable delay. California’s Unfair Competition Law (Business & Professions Code § 17200, et seq.) has been used to seek injunctive relief against these companies as well as compensatory and punitive damages. Furthermore, negligence theories of liability have been pursued on the grounds that companies have a duty to protect personal information and timely disclose breaches with varying levels of success.
A recent case in the Northern District of California, In re Adobe Systems Inc. Privacy Litigation, provided further encouragement to plaintiffs pursuing these claims. The publishing software company Adobe offers a subscription-based service in which customers pay a monthly fee to utilize a range of products. In July 2013, hackers obtained unauthorized access to Adobe’s servers and spent several weeks removing customer data before detection. The individuals affected by this breach filed suit against Adobe alleging violations of the California Customer Records Act, among other things. However, the plaintiffs did not alleged actual misuse of the stolen financial information. Courts across the country have dismissed similar cases for lack of standing on the basis that a speculative threat of future injury is insufficient to maintain the lawsuit. However, the court found the danger that the stolen data would cause result in injury was immediate and impending and so permitted the lawsuit to continue on that basis. As a result, hacking of personal or protected data is an area of litigation that will continue to grow in California and around the nation.
Cyber Liability Can Impact Design Professionals
The loss of customer financial data presents a risk that all businesses must take seriously and protects against. The proliferation of computer software in all aspects of design development presents additional concerns which design professionals must carefully consider. For example, the introduction of a computer virus and malware to a firm’s network could result in delays to the completion of project deliverables. This inevitable delay could severely hamper an entire project’s schedule and result in significant liability, particularly if liquidated damages have been established. Furthermore, a data breach resulting in the loss of confidential client data, particularly regarding sensitive project information, is an ever-present risk for many design firms.
There is an emerging insurance market that is developing policies specifically designed to help companies, including design firms, manage their risks and protect themselves in the event of cyber theft. Since malware and other commercially-available software is not always sufficient to protect a computer system from unwanted intrusion, a number of insurance companies are now offering cyber liability policies that offer protection in case of a breach of contract or privacy agreement, network business interruptions, post-loss computer forensics, credit monitoring services, business income losses, and costs related to notifying regulatory authorities, to name a few. A good way to see if your company has protection in case of a theft of computer data is to speak with your insurance broker and find out what products are available that can supplement the coverage already in place for your business.
In conclusion, cyber liability is an expanding aspect of doing business and presents a risk for design professionals that should be considered and protected against.
Please contact us at the Oakland, South Pasadena, Orange, or San Diego offices to discuss further.
Nothing contained in this article should be considered legal advice. Anyone who reads this article should consult with an attorney before acting on anything contained in this or any other article on legal matters, as facts and circumstances will vary from case to case.