
Is settling a data breach lawsuit the best option for enterprises?

In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.

Many of the major data breaches in recent years have resulted in class action lawsuits, and virtually every case that's been resolved has resulted in the enterprise settling with plaintiffs. As a CISO, do you think settling is the best idea? Is a lawsuit something enterprises should prepare for in the event of a data breach? If so, how should they prepare?

Most attorneys will tell you that settling makes much more sense than going to court. One of the primary reasons for this is that it is less expensive to settle. Going to court means there will be expenses for attorney fees, expert witnesses, extensive depositions during discovery, travel and time. Settling eliminates the majority of those expenses. Another important reason to settle a data breach lawsuit is publicity. Details of the case can be kept private if the company settles. It's bad enough that the company has to settle with customers or partners affected by a breach, but to have the data breach lawsuit drawn out in court and to make the details public record is not good for business. Sometimes trials can take years to come to a decision and that in itself is costly and a reputation risk.

Even if the company wins the case, the affected party can still drag the process out longer with an appeal. During the settlement discussions, there is more flexibility as to what can be said and how evidence is provided. In a court case, there are rules of evidence and procedure that make it cumbersome, time-consuming and, again, expensive. Lastly, there is a "Not Guilty" verdict if you settle. It is a way to pay for an error on the part of the company without admitting guilt.

So when does a data breach lawsuit go to court? Almost never, but if the settlement terms are not fair and would exceed the cost of going to trial, then the latter is the better option. However, the affected party is ultimately the one that decides whether or not to settle.

The CISO should never assume that the data breach lawsuit will or will not be settled. He should always take due care to preserve the chain of custody, ensure computer systems are not tampered with accidentally or advertently, and preserve affected systems based on rules of evidence. The CISO has no influence over which way the case will go, and he shouldn't; leave that to the attorneys. Just make sure that if the data breach lawsuit goes to trial, you have done everything to maintain the integrity of the affected systems and evidence.


This was last published in September 2016


Join the conversation

2 comments


Do you agree that it's better to settle data breach lawsuits? Why or why not?
For financial reasons, I'd say yes. Though I do wonder about how it affects public perception - there might be the assumption of guilt in that instance.