If a data breach occurs, when are companies more likely to be sued? Legal complaints, from customers and employees, happen all the time following a data-leakage incident, but exactly which kind of incidents are more likely to force organizations into court?
If they lost a laptop containing your personal data? Dumped your records in the garbage? Got infiltrated by a hacker?
The answers may surprise you.
Sasha Romanosky, a Ph.D. student at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, and two other researchers, pored through 200 federal data breach suits from 1998 to 2011 to determine the probability of litigation in the event of a data compromise.
He joined me on the SC Magazine Podcast this week to discuss the findings, as well as chime in on the effectiveness of data breach disclosure rules, including the elusive federal law — and whether they encourage organizations to invest more heavily in security.