February 2015
By: Leon Silver, Andy Castricone, & Christina Morgan
“The importance of risk assessment and data security is growing, even for those who don’t already know that the average cost of a data breach for U.S. companies is $5.85 million—Ponemon Institute LLC, 2014 Cost of Data Breach Study: Global Analysis 6. For many large retailers, the costs are substantially higher. For example, Neiman Marcus recently reported that it incurred $12.6 million in expenses relating to its 2013 data breach. Neiman Marcus Group LTD LLC, Quarterly Report (Form 10-K) 39 (Sept. 25, 2014). Target has incurred a staggering $236 million in expenses since its data breach in the fourth quarter of 2013. Target Corp., Quarterly Report (Form 10-Q) 9 (Aug. 27, 2014).
This amount does not account for the potential liability or the potential settlement in the pending class action. See In re Target Corp. Customer Data Security Breach Litigation, No. 0:14md-02522 (D. Minn. filed Apr. 2, 2014). So what’s a retailer to do? Aside from undertaking the measures needed to prevent data breaches and periodically updating those controls, retailers can help limit their exposure in litigation stemming from a data breach by understanding plaintiffs’ constantly evolving means of attack. This article aims to assist retailers and defense attorneys in that task by examining the evolving strategies of the plaintiffs’ bar, reconciling competing court rulings, and offering logistically practical suggestions to implement as part of your data governance program. By Leon Silver, Andy Castricone, and Christina Vander Werf Keeping up to date on the yet-unresolved dynamic of evolving case law in data breach litigation is imperative. “
