The impact of serious data breaches are becoming both more common and more costly for businesses with each major attack. According to the New York State Attorney General, businesses reported 1,300 data breaches in 2016—a 60 percent increase from the prior year—that involved the personal data of 1.6 million New Yorkers. Further, a 2016 independent data breach study conducted by the Ponemon Institute estimated that the average cost of a data breach to a U.S. corporation is roughly $7 million, a 29 percent increase since 2013. When companies find themselves to be victims of a data breach, they must navigate an ever-expanding minefield of complex reputational, regulatory, and legal challenges. This article focuses on the potential for regulatory and civil liability for corporations in the aftermath of a data breach.
via So You’ve Been Hacked: The Changing Landscape of Post-Data Breach Liability | New York Law Journal