The Legal Implications of Cybersecurity When Collecting Personal Information
Understand the Stakes of Collecting Personal Information
Cybersecurity law has been called many things in recent years—evolving, complex, varied, cutting-edge, even hilarious. Ok, maybe not the last one. But I would offer another phrase that can serve as a key takeaway from this article. This phrase also highlights the importance of strong cybersecurity from a legal perspective when collecting personal information. That phrase would be: creating victim-defendants.
I know it doesn’t exactly roll off the tongue, but it exemplifies an important aspect of cybersecurity law: If victimized by a hacker, your business could be sued as a result of the data breach.
Businesses are accustomed to protecting their own sensitive information, such as trade secrets and financial information. If that information were stolen, the business would have a claim against the bad actor and wouldn’t necessarily expect to be sued.
Cybersecurity law is different because businesses often are sued after a data breach.
If you think of personal information as belonging to the customers or employees who provided their data, rather than as belonging to the business, you’ll see why cybersecurity raises many legal issues. You’ll also see how a business victimized by a data breach can become a defendant in a lawsuit.
The following are some of the major aspects of cybersecurity law. Understanding these issues will go a long way toward creating a legally compliant cybersecurity program and avoiding becoming a victim-defendant after a data breach.
To view the complete article originally published by Financial Poise on August 14, 2018, click here.