Accountability for Negligent Information Security

Almost all of us voluntarily share our private or confidential information with businesses. We trust banks, hospitals, grocery stores, retailers, restaurants, and social media companies with it. These entities rely on and use our information. Most of them could not earn profits without it. They have a duty to take reasonable steps to protect our private and confidential information from external hackers and insider threats. Many of them employ or contract with information security and privacy professionals who design, implement, audit, manage, and modify their information security and privacy programs.

The businesses we trust with our information can breach their duties to reasonably safeguard it if they fail to reasonably identify known and foreseeable risks, design programs to mitigate or eliminate the risks, manage those programs, audit those programs, or modify those programs as technology and threats evolve. Some of these duties arise from state or federal laws that prescribe standards for safeguarding our information. Some of these duties arise from contracts or terms of use agreements whereby businesses make promises to clients, customers, or third-party beneficiaries to reasonably safeguard their private information. Some of these duties arise from industry best practices or frameworks that businesses claim they use or adopted so they can attract or impress more clients or customers. When businesses breach their duties to reasonably safeguard private or confidential information and their breaches cause their clients, customers, or patients harm, they may be held liable in civil courts if they refuse to fairly compensate the people or businesses their negligent or reckless conduct harmed.

Cybersecurity cases often require a lot of pre-litigation investigation and research. It is important to contact an attorney who has experience litigating data breach or negligent disclosure cases as soon as you discover you have been harmed by a data breach or an unauthorized disclosure of your private information.


We represent individuals, businesses, and corporations who suffered substantial economic harm because other individuals, businesses, or corporations failed to reasonably safeguard their private or confidential data or information.


Contact our law firm to schedule a paid consultation with an attorney who has cybersecurity expertise and litigation experience.