Magazine article Information Management

Organizations Are Typically Liable for Vendor-Related Breaches

Magazine article Information Management

Organizations Are Typically Liable for Vendor-Related Breaches

Article excerpt

To date, errant steps taken by third-party vendors have caused many notorious data breaches. The Netflix, Target, and Verizon incidents, for example, are just a few that can be cited. Such failures to protect data can lead to bad press, operational headaches, hits to the bottom line, and a host of fines and lawsuits.

How liable are the vendors? A recent LegalTechNews.com article offers answers to the question. Depending on the situation, a breach of an organization's data by a third-party vendor could open a company up to legal and regulatory liabilities under many state, federal, and international laws. Jason Vanto, of the law firm Polsinelli, says that even though a cybersecurity incident happens outside an organization, the organization is still liable for it because it's the custodian of the data. Further, according to Vanto, there's an expectation for organizations "to retain vendors that can keep the data secure."

Legal liability can vary based on such factors as state notification laws and industry sector. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.