Data breaches by large companies have been in the news for some time. Over the last several years several companies, including Marriott, Yahoo and Volkswagon, have been victimized by hackers who have broken into a company’s computer network. In some cases, the hackers have put the company’s confidential information on the internet. In other cases, the hackers have held the company’s information hostage through ransomware.
While companies are rightly concerned about the security of their own networks, there is another risk. Recent court cases are testing the liability of companies and their directors for data breaches suffered by their vendors or service providers.
This is not surprising because companies often need to share confidential information with their vendors or service providers. An example that comes immediately to mind is where a company outsources its payroll management to an outside vendor. In that case, the payroll vendor will necessarily have the names, Social Security numbers and other private information of the company’s employees. If the payroll vendor suffers a data breach, this private information may be disseminated, causing harm to the…
