2014 legal issues




If you own a website that collects information, such as an email address or purchasing information, your biggest liability concern may not be what is on your site (privacy policy, terms of service, product claims, and so on).  It may be the private information not publicly available about your users.

A couple examples in the news highlight this issue.

First, there is the Target data breach.  Target clearly mishandled this by not notifying users their data had been compromised and only including a notice on a corporate site no one visits.  After the class action lawsuits started rolling in, and after banks such as Chase begin limiting and canceling cards, did Target decide it might be a good idea to act like a trusted business and notify customers personally and on its consumer site.

Websites get hacked all the time.  Your site is probably a lot less secure than Target’s site.   However, the data you hold may be just as important to consumers.  It is only a degree of scale.

If your website is hacked and email addresses are stolen for spam purposes – you have a liability exposure.  This may be the biggest exposure your company has.

Second, there are the claims against Facebook, Google, and others about behind the scenes tracking of users without obtaining their permission and invading their privacy.  It will be interesting to see how these cases resolve.  Settlement, without any definitive rulings is certainly a high likely scenario.

What you privately do with user data may not at all be what users expect.  Especially if you are using it in combination with other data received, or tracking users, for the purpose of “targeting” them to sell ads.  Some people get a tad upset when companies secretly use information about them to make a buck.  These types of lawsuit should not be surprising, but major companies seemingly cannot help themselves when it comes to gathering as much private information as possible without wanting anyone to know what they are really doing.

Perhaps they are auditioning to prove their worth to the National Security Agency.

The second issue, how you use user private data, is within your control.  The first, preventing hacks, less so.

Key questions if there is a breach, include whether you even know about it (!) , when you knew of the issue, what was the scope of the breach, and what if anything you then did to protect your users.

I suspect this is a much more common problem than many companies realize or publicly admit to.  How do you think the spammers got your email?

I would not be surprised to see a significant increase in lawsuits filed against companies whose websites are hacked and email addresses are stolen.




Filed under: Internet Law

Like this post? Subscribe to my RSS feed and get loads more!