What’s the Best Way to Protect Consumer Data?


In the tech-rich culture of San Jose, protection of intellectual property and consumer data is a constant concern for business owners. How can owners invoke legal protection for these assets in order to protect their legal interests and reassure customers that their data is secure? The answer depends upon the different types of liability a business can face when consumer data is compromised.

Contractual Liability

Contractual liability arises when one (or more) parties in a contract fail to fulfill their responsibilities agreed upon in the contract. Many technology companies have contracts with consumers. These are often contained in the Terms of Service issued to users of mobile apps or software. Some can be more detailed – especially when the company is hired to perform a specific service to the customer. For example, when a company provides customers with secure data storage based on a private server or the cloud, the Terms of Service are typically very inclusive. If such consumer data is compromised, a technology company can face contractual liability for failing to provide the secure data storage offered by the terms of the contract.

Such liability can be addressed proactively with both legal and logistical solutions. Technology companies should create security plans which use backup areas of protection for consumer data. When service contracts (or Terms of Service) are drafted, it is important to specify the security measures which will be taken. This can help a company defend against claims that it failed to provide the security which was promised.

Liability for Negligence

Separate from contractual liability is the liability all companies face for acts of negligence. In the context of consumer data security, negligence could be found any time a company failed to take reasonable steps to protect consumer data. Perhaps an employee who was recently fired was allowed continued access to consumer data. Maybe a security plan had only one level of protection and no backups in place in the event that level was breached. These and similar actions could lead a jury to determine that a company was negligent in securing its consumer data.

A recent example of this was the widespread breach of consumer data held by Equifax. Wired reports that hackers entered Equifax’s web application system through a vulnerability identified long before the cyber attacks occurred. In fact, the engineers had a patch available for the vulnerability two months before the data was compromised. These were two months in which the credit giant could have been taking reasonable precautions to protect consumers. It did not. Now, millions of Americans have had highly sensitive data compromised, and the company faces huge lawsuits as a result.

In the Equifax case – as in all negligence cases – liability will be determined by the reasonableness of the defendant’s actions. Tech companies can thus reduce their chances of facing liability by taking reasonable measures to protect consumer data. Constant monitoring, multiple levels of security, and having backup systems in place can all be used as evidence that the company was reasonable in its protective efforts.

Contact a California Intellectual Property Attorney Today

The experienced corporate attorneys at Structure Law Group help San Jose business owners protect their financial interests by identifying and addressing areas of potential liability. Schedule a consultation today by calling (408) 441-7500 today, or emailing slgadmin@structurelaw.com.