Breach of fiduciary duty is a “failure to fulfill an obligation to act in the best interest of another party (customers). Plaintiffs may claim that federal privacy laws…and state consumer protection laws create fiduciary duties that are breached when data is lost or stolen” (Zurich, 2010, p. 6). Under breach of fiduciary duty, the retail store is liable if it fails to uphold the company’s duty to protect customers’ sensitive data, because protecting customer data falls within the best interests of the customers. Finally, the retail store may face a breach of contract lawsuit. A breach of contract is a “failure to fulfill a condition of a contract. In the case of data breach claims, the contract in question may not be a (signed) physical document…plaintiffs may claim the defendant’s written privacy policy (protecting consumer data) is a contract” (Zurich, 2010, p. 6). If the retail store possessed a written policy depicting its commitment to protect customers’ sensitive data, then there exists the possibility of an impending breach of contract grievance by the store’s …
Additionally, the store’s post-incident actions should be transparent and demonstrate a concern for victimized stakeholders, not just a concern for lost profit. The retail store’s first action should be to immediately contact and inform appropriate law enforcement authorities of the data breach (FTC, 2011, p. 23). Once law enforcement authorities are privy to the incident, the store should execute measures to ensure no additional customer data leaks from the company’s information system (Experian, 2014, p. 7). The store’s next step should be to contact all stakeholders (customers, credit card companies, credit bureaus…) whose sensitive data was potentially compromised. The notifications should be detailed enough to give stakeholders the information they need to respond effectively and minimize (or prevent) the damages they incur from the breach. Additionally, the store should offer free credit monitoring services to customers to help them abate or prevent damages suffered from the data breach (Experian, 2014, p.