·  Legal News, Analysis, & Commentary


Liability Considerations in Business: How to Keep Your Data Safe

— December 18, 2019

While these measures might seem a tad too tedious, remember that the liabilities for losing customer data in case of disruption will always be much greater than the time and money required to implement protective processes.

Far too often, business owners neglect thinking about and planning for what would happen to their businesses should a disruption occur. However, liability considerations are an important aspect of any business, and inadequate planning is often what leaves businesses completely crippled in the wake of an emergency. 

Today, business disasters are so much more than just natural calamities. With the rise of technology in business, cybercrime is also considered a business disaster. The truth is, there is no telling when a disruption may occur — be it a fire or a cyberattack; the best chance you can give your business to recuperate is to have a thorough plan in place, in case the worst happens.

Formulate a Business Continuity Plan 

A business continuity plan (BCP) is crucial for any business. As stated by Ontrack, a business continuity plan “will help a company in the event that the business experiences a disruption. When a business goes through a disruption, it typically costs money. To keep these losses to a minimum, a BCP document should cover all necessary steps and time frames to get resources, processes and functions up and running again.” 

Like any other business, a law firm also needs a thorough BCP. Without one, it is often hard to restore business in the aftermath of a disruption. In fact, an article on Stay in Business states that many law firms aren’t able to restart business even six months after an incident due to lack of a proper BCP. 

There are many things to consider when developing a BCP. Obviously, every BCP will differ depending on the type of business — so a BCP for a law firm is expected to be significantly different than one for an e-commerce venture. However, Ontrack recommends certain general guidelines to follow when formulating a BCP, no matter the business. These include: 

  • Planning for different disruptions, from basic reasons for data loss to calamitous events like flooding and fire.
  • Involving everyone in the formulation of the plan. The more people involved, the more vulnerabilities are addressed, eventually making for a more thorough and detailed plan. 
  • Putting the plan through test runs to see if it actually holds up.
  • Frequently updating the BCP as circumstances change so that it is always relevant and current. 

Upgrade Your Cybersecurity

Turned on monitor displaying function digital_best_reviews; image by Shahadat Rahman, via
Turned on monitor displaying function digital_best_reviews; image by Shahadat Rahman, via

Cybersecurity has never been more important than it is today. According to this article on Tech Times, “there were eight massive data breaches in the first half of 2019, which accounted for the compromise of 3.2 billion records. Three of these eight data breaches are the largest breaches of all time, with one of them being related to the American Medical Collection Agency (AMCA).”

A cyberattack can not only cost a business millions of dollars, but it can also compromise valuable customer data. Consider the security breach of Yahoo, which affected every one of its three billion customer accounts. The hack cost Yahoo $350 million, and that’s not considering indirect costs like damage to Yahoo’s reputation. Similarly, Equifax, a global credit rating agency, suffered a data breach that ended up costing $439 million. 

While big companies like Yahoo and Equifax have the money to recover from cybercrime, small to medium-sized businesses cannot always bear the costs. Furthermore, for law firms in particular, breaches that threaten sensitive information like phone numbers, social security numbers, and credit card details are a serious issue that can result in a complete loss of clients. Thus, cyberattacks can very often leave smaller businesses completely vulnerable, forcing them to shut down. 

To prevent your business from suffering the same fate, it is essential to have the latest cybersecurity measures in place. While firewalls and anti-virus software do still play a role in minimizing cybercrime, they are far from enough to protect your business from a full-scale cyberattack. Sometimes, you might have to convince higher-ups to upgrade to newer, better software. In case there is pushback, be sure to use recent cybercrime statistics to make a convincing presentation to other stakeholders, and focus on the many benefits of switching to advanced cybersecurity programs. 

You also have the option of outsourcing your cybersecurity to companies that can put together a custom security plan. Additionally, it is crucial that all employees go through cybersecurity training so as to be able to recognize a breach as it occurs. Cybercriminals and hackers tend to go after those with the least knowledge, so don’t let your employees be those unfortunate targets. 

Invest in Insurance

No matter how much you plan and prepare, there is no way to fully prevent a disaster from occurring. If one does occur, you’ll want to have business insurance. Smaller businesses often feel as though insurance is a waste of money — but in the event of a disaster, it is insurance that can make the difference between recuperating and shutting shop. Depending on the type of business insurance you choose, some to all of your recovery costs may be covered. 

Insurance is key for online businesses, as well. Like brick and mortar businesses, digital businesses also have certain liabilities. Today, options like Data Breach Insurance exist to help digital businesses recover from hacking events where customer data is stolen. General Liability Insurance, on the other hand, helps businesses stay protected from personal and advertising injury claims. 

Be sure to choose the right business insurance policy based on the type of business and your needs. In cases of international proceedings, be sure that all relevant local insurance documents are translated by vetted legal translators, so as to fully understand your coverage and exclusions. Additionally, as advised by the American Bar Association, always keep a copy of your insurance information in a safe, off-site location. This way, in the event of a disruption, you can always access the insurance information you need. 

While these measures might seem a tad too tedious, remember that the liabilities for losing customer data in case of disruption will always be much greater than the time and money required to implement protective processes such as the ones listed above. Thus, it is important that you have the latest security measures in place to continue to experience business success.

Join the conversation!