The purchase and sale of goods and services at a storefront is rarer these days. Information technologies make online transactions more efficient and convenient. However, those same transactions expose businesses to greater risk and liability when receiving and using customer information. Information technology companies must not only must safeguard their electronic transactions, but also secure sensitive information and proactively combat data breaches. Failure to do so can lead to a huge economic loss for the customers and the company. Structure Law Group, LLP advises companies engaged in e-commerce on privacy and security issues, how to safeguard against the inadvertent data breaches and counsels them on the necessary steps to take if such an unfortunate event occurs.
California law protects the individual’s right to the safety and integrity of his/her personal information. California’s Information Security Act defines personal information as any information that could identify or describe a person. Personal information includes a person’s name, address, social security number, license number, medical information, and the like. If your website collects such information, then you are required by law to take reasonable steps to prevent disclosure of such personal and private information. California law obligates businesses to implement security measures reasonably designed to protect the integrity of the such information. Every business entity, from a sole proprietorship to a multi-national corporation is subject to the Information Security Act.
California law broadly defines “data breach.” Data breach includes any “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” The information may be used in good faith for the benefit of the person whose information is disclosed, provided that such disclosure is authorized.
California businesses must act expediently when a data breach of unencrypted information occurs. The business must disclose the details of the breach “without unreasonable delay.” The business must notify their customers, and law enforcement if necessary, in writing about the breach.
Damages for Data Breach
Consumers have recourse against the company for failure to protect private information. California law prohibits waiver of the rights granted to individuals from unauthorized disclosure of private information. The injured person may sue the company for damages under a negligence theory. Those damages would cover the actual loss as well as incidental damages caused by the data breach. However, if the injured party proves that the company acted wilfully, maliciously, or recklessly, then the consumer is entitled to a $3,000 penalty per violation. If the action is based upon mere negligence, then the party may recover a $500 penalty. Also, the company is liable for damages for failing to comply with the notice provisions of the law. The injured party can recover reasonable attorney’s fees and costs in addition to damages and the civil penalty.
Contact your San Jose Corporation Business Lawyer Today