I know what you’re thinking. As a manufacturer of encryption security products, we’re hardly coming from an unbiased perspective when we highlight the risk of litigation for the negligent loss of unencrypted data.
However, it is precisely because our products are used by some of the most security-conscious organisations, in more than 35 countries worldwide, that we are uniquely positioned to have an opinion.
Until recently, data breaches may have been seen as just another cost of doing business. The worst-case scenario for many organisations would have been a minor PR issue and the threat of some insignificant financial penalties.
As we have become more dependent upon high-speed data networks, the risks have become greater. Loss of intellectual property, breach of compliance obligations, severe financial penalties and long-term damage to brand reputation have ensued.
Despite this, organisations still seem reluctant to protect their data with high-assurance encryption solutions. In its Breach Level Index, Gemalto reveals over nine billion records have been lost or stolen in the past four years. Worryingly, only 4% of breaches involved encrypted data, where the encryption rendered the information useless in the hands of unauthorised users.
Emerging data protection regulations (like the GDPR in Europe) set new levels of legislation and impose stricter compliance obligations on owners and processors of data. As the legislative landscape evolves, key individuals within the boardroom could find themselves held personally responsible for the effects of a data breach.
In a previous post, we discussed what happens when a failure to encrypt becomes negligence. Where there’s blame, there’s a claim. The logical next step in the event of a negligent data breach is a class action. The victims of a data breach, whether they be organisations or individuals, meet the essential criteria of a class action, in that they share a common injury from a common cause.
In its article for Lexology, “Could cyber-security class actions be on their way to Australia?” Corrs Chambers Westgarth highlights that litigation against organisations (and individual executives) for the negligent loss of unencrypted data could be just around the corner.
“While Australian courts have not yet been faced with a cyber security class action, the increase in high-profile data breaches and cyber attacks globally indicates it will only be a matter of time.”