If My Company’s Customer Data is Breached, Am I Liable?

It seems like every time we turn on the news we’re hearing about another data breach where an organization’s customer data has been compromised. Sometimes it’s basic data such as what’s available on a Facebook page. Other times, it’s more serious. For example, the recent Equifax data breach resulted in more than 143 million U.S. citizens having their social security numbers, birthdays, and home addresses compromised.

Naturally, as consumers, we worry about what data thieves have access to and what they might do with it. As a business owner, we worry about the consequences this kind of crime has on our customers—and about our own liability. Did I implement enough cyber-security measures? Were my databases secure enough? Should I have paid extra to encrypt all of my messages? These are some of the questions that may run through your mind if your business is the victim of a data breach.

Who’s to blame?

Business owners & CEOs top the list of who gets the blame when consumer data is hacked. This blame quickly falls into a CEO’s lap because most often they are the ones to approve budgets, which include funding for IT security. Many high-profile CEOs have resigned after a massive data hack, including Target’s former CEO, Gregg Steinhafel, who resigned after the company suffered a breach that left 40 million credit & debit card numbers vulnerable.

Chief Data Security Officers and other data security personnel often find themselves in the hot seat after a data breach. If the company has provided adequate funding to prevent cyber-attacks, the CISO is held liable for not detecting or interfering with a data breach with proper systems monitoring and maintenance.

Other data security personnel may come under fire when data is compromised too. It is said that a large percentage of data breaches occur as the result of human error. Providing regular systems maintenance and upgrades are a crucial part of helping security systems guard against third party attacks. Unqualified IT professionals pose a huge risk to any organization’s database, and companies should take care to hire and train experienced data security personnel to avoid damaging data breaches.

Who’s at risk?

Mega-corporations and mom & pop shops alike can be targeted by cyber-thieves. No specific industry is more or less likely to suffer a data breach. Surprisingly to some, the healthcare industry is extremely vulnerable. Studies show that 90% of healthcare organizations have been victims of a data breach in the last two years.

Data breach prevention is a collaborative effort. Most organizations house IT departments with a bevy of cybersecurity professionals and responsibilities. It’s very uncommon for one person or group to have sole responsibility. Still, a dangerous breach remains one bad decision or moment of negligence away. This results in a plunge in revenue and your customers’ trust.

Contact Us

BRADFORD, LTD makes its business about protection. Protection of your ideas, property, and data. We serve industries most likely to suffer a devastating breach, as well as those often overlooked. Contact us today at 303.325.5467 to find out how our team can help you protect your business—in any situation.

The following two tabs change content below.


Bradford LTD specializes in IP protections and maximization for startups and small businesses. We also provide scaled legal services to our clients, including fractional legal counsel and value-based rates. From trademark, copyright and service mark protections to patent protection and outside inside counsel, we help position entrepreneurs and owners for long-term success.

Latest posts by BRADFORD, LTD (see all)