Over the next few weeks, we will endeavor to use these pages to share our perspectives on the burgeoning area of Privacy and Cyber Security Litigation (PCS Litigation). In particular, we will focus on steps you can take to both anticipate such litigation, and how you can effectively respond to such litigation should it land on your doorstep, regardless. At the end of the day, we hope to provide you with some guidance on how to navigate this fast-moving and quickly-evolving area of the law.
In order to prepare for PCS Litigation, one must first identify and understand the liability standards that would be utilized in a putative lawsuit. The triggering event in PCS Litigation is almost always a data breach: An unauthorized user accesses and collects information to which it is not legally entitled, usually through a computer network, a laptop or USB drive. A data breach can trigger any number of lawsuits, the nature of which depends on what was taken and by whom. Each, however, will have its own “standard of care” by which the breached company’s conduct will be judged. Below are just a few. Keeping these developing standards of care in mind is a great starting point for any cyber security preparedness effort.