John W Dozier Jr spoke at the annual Internet Retailer conference in June on data protection and managing the liabilities that can arise. After a data loss, an online retailer, marketer or other business entity often has to deal with notification laws, liability to banks for losses, FTC and State Attorney General investigations, and class action lawsuits. Given these exposures, most online businesses simply cannot survive to live another day. So John W Dozier Jr offered four suggestions to avoid and manage the risk of data loss:
1) Beware the Wolf in Sheep's Clothing: While your biggest concern may be the loss of credit card information, the fact is that much litigation is coming from inside jobs. Maintain your data internally on a "need to access" basis, and be vigilant in guarding against employee and contractor misappropriation. Don't let those with access to your data do any affiliate marketing on the side, for instance, and have strong written contracts with employees and contractors that will discourage the "borrowing" of your data.
2) Use Salt Liberally: Place your own (preferably fictitious) personally identifiable information in your databases so that, if they are stolen, you become a recipient of whatever the data is ultimately used for. Banks have been doing this for years. It's called "salting". Sprinkle into your databases information like an anonymous email address, so that if your data is stolen you'll get an email if someone decides to spam with it.
3) Put it on the Other Guy: No, don't just blame someone else. That's nothing new. Actually anticipate this issue arising and guard against assuming liability brought about by others. Make sure you have indemnification provisions in your web development, web hosting and other third-party contracts, so that if the access is not your fault, you can look to a third party for reimbursement of your losses.
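The "salting" in suggestion 2 is what security teams usually call canary or honeytoken records (it is unrelated to password-hash salting). The sketch below is an added example, not code from the talk or from Traverse Internet Law; it goes one step beyond the suggestion by giving each copy of the data (production, the copy a vendor holds, and so on) its own fictitious records, so that a message arriving at a canary address also shows which copy leaked. The domain, key, name lists and copy labels are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions (not from the article): a catch-all mailbox on CANARY_DOMAIN that
# you control, and a secret key kept outside the databases being salted.
CANARY_DOMAIN = "mail.example"          # placeholder domain
SECRET_KEY = b"constructed-demo-key"    # constructed; load from a secrets store

FIRST = ["dana", "lee", "morgan", "riley", "casey", "jordan"]   # constructed
LAST = ["hart", "vale", "quinn", "stone", "reyes", "marsh"]     # constructed

def _digest(copy_label: str, index: int) -> bytes:
    """Keyed digest, so canary addresses cannot be guessed without the key."""
    msg = f"{copy_label}:{index}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()

def canary_record(copy_label: str, index: int) -> dict:
    """Build one fictitious customer row unique to a given copy of the data."""
    d = _digest(copy_label, index)
    first, last = FIRST[d[0] % len(FIRST)], LAST[d[1] % len(LAST)]
    # The numeric suffix looks ordinary but is derived from the keyed digest.
    tag = int.from_bytes(d[2:6], "big") % 10**8
    return {"name": f"{first.title()} {last.title()}",
            "email": f"{first}.{last}{tag:08d}@{CANARY_DOMAIN}"}

def salt(rows: list, copy_label: str, count: int = 3) -> list:
    """Return rows plus canaries, spread out instead of appended in one clump."""
    out = list(rows)
    for i in range(count):
        pos = _digest(copy_label, i)[6] % (len(out) + 1)
        out.insert(pos, canary_record(copy_label, i))
    return out

def attribute(recipient: str, copy_labels: list, count: int = 3):
    """Map the recipient of an unexpected message back to the copy it came from."""
    recipient = recipient.strip().lower()
    for label in copy_labels:
        for i in range(count):
            if canary_record(label, i)["email"] == recipient:
                return label
    return None   # not a canary address
```

Because the records are derived from the key and the copy label, nothing that maps canaries to copies needs to be stored next to the data; `attribute()` recomputes the candidates when mail arrives at the catch-all mailbox.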
Traverse Internet Law specializes in the law of the web representing businesses. Contact one of our online retailer lawyers for a risk-free consultation.