I just finished a short, 9-page guide for implementing business continuity in any organization. It includes links to tools and additional guides. It is free for download from http://bit.ly/2nQbxDT
Some courts making ‘it might happen’ grounds for litigation
The U.S. appeals courts are split on whether the simple perception or belief that stolen data might be used is grounds for litigation.
A recent federal appeals court ruling in a putative class action lawsuit that says plaintiffs can sue even if there is only fear of, but no actual, damage from a data breach further deepens an appeals court split on the issue and enhances its chances of being considered by the U.S. Supreme Court, experts say (Greenwald, 2017)
This is interesting and concerning. All organizations are vulnerabile to an attack. No security framework is perfect. Prevention, detection, and response are all important actions taken by diligent organizations, so how these are implemented and conducted should be considered. Juries and judges are likely not to understand this.
I agree that negligence should is grounds for litigation. However, no organization that promptly and effectively responds to a breach should not be held liable. Thoughts?