Monday, July 25, 2005

Lawsuits broach data-security breaches

The Fort Wayne Journal Gazette is carrying an informative article originally from the Wall Street Journal on class action lawsuits stemming from the recent rash of security/privacy incidents.
Journal Gazette | 07/25/2005 | Lawsuits broach data-security breaches

"... The Marin County, Calif., salesman, along with two other plaintiffs, has filed a class-action lawsuit in California Superior Court in San Francisco against CardSystems Solutions Inc., which last month acknowledged that hackers had obtained information on approximately 200,000 credit- and debit-card accounts. The payment-processing concern might have put the personal information of as many as 40 million consumers at risk, including Schultz’s Visa debit-card account.

Schultz, 52, hasn’t discovered fraudulent activity in connection with his Visa account; and even if he wins, he isn’t likely to recoup much money for the time and trouble of monitoring his account and changing his automatic-payment arrangements.

But his suit against CardSystems, of Tucson, Ariz., might help answer one of the biggest questions arising from the recent rash of data-security breaches: Who should pay for damages?

In an earlier era, when little was known about particular hackings, accountability was difficult and data losses were deemed an unavoidable annoyance. Now, merchants, banks, payment processors, credit-card associations and even security auditors and software makers face the prospect of liability for lax practices.

“There is going to be a flood of lawsuits by both consumers and businesses,” said Mark Rasch, a former Justice Department prosecutor and now senior vice president for Solutionary Inc., a security-audit firm in Bethesda, Md. ..."

No comments: