In 2010, a Ponemon Institute study found that 85 percent of American companies fell victim to an organizational data breach during 2009 (Zurich, 2010, p. 2). The Ponemon Institute findings illustrate a necessity for businesses to expect to be a target for nefarious actors who seek to procure sensitive customer data. In the assignment scenario, the retail store unwittingly became a member in the growing percentage of organizations faced with customer data breaches. In an attempt to dissect and analyze the retail store’s customer data breach, I will begin this essay with the legal obligations and repercussions that the company faces, both criminal and civil. Secondly, I will attempt to distill, from the analysis, sound ethical responses
…show more content…
Breach of fiduciary duty is a “failure to fulfill an obligation to act in the best interest of another party (customers). Plaintiffs may claim that federal privacy laws…and state consumer protection laws create fiduciary duties that are breached when data is lost or stolen” (Zurich, 2010, p. 6). Under breach of fiduciary duty, the retail store is liable if it fails to uphold the company’s duty to protect customers’ sensitive data because protecting customer data falls within the best interests of the customers. Finally, the retail store may face a breach of contract lawsuit. A breach of contract is a “failure to fulfill a condition of a contract. In the case of data breach claims, the contract in question may not be a (signed) physical document…plaintiffs may claim the defendant’s written privacy policy (protecting consumer data) is a contract” (Zurich, 2010, p. 6). If the retail store possessed a written policy, depicting their commitment to protect customers’ sensitive data, then exists the possibility of an impeding breach of contract grievance by the store’s …show more content…
Additionally, the store’s post-incident actions should be transparent and demonstrate a concern for victimized stakeholders, not just a concern for lost profit. The retail store’s first action should be to immediately contact and inform appropriate law enforcement authorities of the data breach (FTC, 2011, p. 23). Once law enforcement authorities are privy to the incident, the store should execute measures to ensure no additional customer data leaks from the company’s information system (Experian, 2014, p. 7). The store’s next step should be to contact all stakeholders (customers, credit card companies, credit bureaus…) whose sensitive data was potentially compromised. The notifications should be detailed enough to provide stakeholders with adequate information in order to enable the efficacy of their individual responses to minimize (or prevent) damages they incur from the breach. Additionally, the store should offer free credit monitoring services to customers in order to assist their actions to help abate or prevent damages suffered by the data breach (Experian, 2014, p.
Breach of fiduciary duty is a “failure to fulfill an obligation to act in the best interest of another party (customers). Plaintiffs may claim that federal privacy laws…and state consumer protection laws create fiduciary duties that are breached when data is lost or stolen” (Zurich, 2010, p. 6). Under breach of fiduciary duty, the retail store is liable if it fails to uphold the company’s duty to protect customers’ sensitive data because protecting customer data falls within the best interests of the customers. Finally, the retail store may face a breach of contract lawsuit. A breach of contract is a “failure to fulfill a condition of a contract. In the case of data breach claims, the contract in question may not be a (signed) physical document…plaintiffs may claim the defendant’s written privacy policy (protecting consumer data) is a contract” (Zurich, 2010, p. 6). If the retail store possessed a written policy, depicting their commitment to protect customers’ sensitive data, then exists the possibility of an impeding breach of contract grievance by the store’s …show more content…
Additionally, the store’s post-incident actions should be transparent and demonstrate a concern for victimized stakeholders, not just a concern for lost profit. The retail store’s first action should be to immediately contact and inform appropriate law enforcement authorities of the data breach (FTC, 2011, p. 23). Once law enforcement authorities are privy to the incident, the store should execute measures to ensure no additional customer data leaks from the company’s information system (Experian, 2014, p. 7). The store’s next step should be to contact all stakeholders (customers, credit card companies, credit bureaus…) whose sensitive data was potentially compromised. The notifications should be detailed enough to provide stakeholders with adequate information in order to enable the efficacy of their individual responses to minimize (or prevent) damages they incur from the breach. Additionally, the store should offer free credit monitoring services to customers in order to assist their actions to help abate or prevent damages suffered by the data breach (Experian, 2014, p.