Academic journal article Journal of the International Academy for Case Studies

The Hack Attack at Winter's Tale Publishing: The Business Law Perspective

Academic journal article Journal of the International Academy for Case Studies

The Hack Attack at Winter's Tale Publishing: The Business Law Perspective

Article excerpt


The case can be examined across a business program in multiple courses to provide students with a holistic approach to evaluating the ramifications of business decisions to multiple dimensions of an organization. The case can also be addressed in an individual course. Upon reading, analyzing and discussing the case from the business law perspective, students should:

1. Be able to recognize the importance of a well-designed and legally compliant company hiring policy, and how to conduct a proper background check on potential employees.

2. Learn the elements of tort liability in negligence and defamation actions, and how to avoid/minimize such liability.

3. Be able to identify requirements for a business under Section 5 of the Federal Trade Commission's Act (FTC Act: 15 USC 45) and how to protect against violations of the Act.

4. Become aware of how to properly protect client privacy information, and learn the nature of a company's liability under state consumer notification laws.


The case can be taught from multiple perspectives in several different courses such as upper level marketing, business strategy, business law, human resources, forensic accounting/auditing, and information technology management. The following case notes address the issues from the perspective of business law. Case coverage should take approximately 30 to 45 minutes of course time; expect an extended time allocation if including question/answer research and discussions. Senior level students may be asked to analyze and write up the case using a case analysis template such as:


Identification of Legal Issues

Strengths and Weaknesses of Potential Causes of Action

Recommended Approaches to Identified Issues

Recommended Precautionary Measures and Implementation (what should have been done to prevent this situation.)

Possible business law questions that may be provided to students include the following:

1. After the data breach, several of Winter Tale's client authors discovered that the IT manager, Will Martin, was a convicted computer hacker. It appears that Will had provided a previous employer's computer data file access to an associate, who later stole personal information from the system and sold it to a criminal identity theft ring. It has filtered back to John that the authors are planning to file a "negligent hiring" suit against Winter's Tale Publishing. John has never heard of such an action, but is concerned that his failure to check Will's references may be a major factor in the case. What are the general elements of a "negligent hiring" cause of action, and do the authors have a potential case against Winter's Tale? Assuming that a negligent hiring action does exist in this situation, what safeguards should the publishing house consider adding to their future hiring practices?

A negligent hiring cause of action is made by an injured party against an employer, claiming that the employer knew or should have known that an employee's background posed a threat to the welfare of others. Nearly every state recognizes the negligent hiring tort, and the claim is based on the concept that it is the responsibility of an employer to take reasonable care in a hiring action. "To bring a prima facie case for negligent hiring, a plaintiff must demonstrate that: (1) employer was required to make an appropriate investigation of employee and failed to do so; (2) an appropriate investigation would have revealed the unsuitability of the employee for the particular duty to be performed or for employment in general; and (3) it was unreasonable for the employer to hire the employee in light of the information he knew or should have known." (Reuters, 2015). Although negligent hiring cases most often involve employees with high intensity public contact, such as real estate agents, delivery personnel, and healthcare workers, such actions against companies who employ individuals with computer crime convictions is increasing. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.