The Internet is a widely popular venue for businesses to reach customers to advertise and provide their products and services. The far-reaching nature of an online presence allows companies to greatly expand their operations. However, many businesses operate in industries that are removed from information technology (“IT”) services. Therefore, they must hire outside firms to provide IT services. Stated otherwise, they would have to outsource to a third party. These IT services can include building a website, managing a website, providing security for a website, and managing databases of business and customer information. For customer information, the database may contain personal information (e.g. name, date of birth, driver’s license or social security number, medical information, health insurance information, credit or debit card number, or email address along with a username/password).
An outside IT firm may be legally liable in the unfortunate event of a breach of a company’s network infrastructure, including, but not limited to, its website or database. In addition, the IT firm may be legally liable if the company’s website does not operate properly. While the struggling ObamaCare website is fast becoming an example of a failed IT project, all sorts of private, public, and government agencies looking to establish an online presence may face the same results.
At the Law Offices of Salar Atrizadeh, an experienced and knowledgeable attorney will assess the circumstances specific to your failed IT project to determine the legal ramifications and available remedies. An evaluation can help determine whether there was a breach by an outside IT firm, whether your company has a duty to provide notice to customers regarding the breach, and what causes of action are available to you and your business.
A breach of a company’s network infrastructure may render trade secrets and intellectual property vulnerable to outside attack. If company trade secrets are stolen, the company hired to provide security for the website may be liable for failing to take reasonable steps to protect the company. In the event that a company’s current or former employee caused the breach that led to the loss of trade secrets or intellectual property, the company may have a claim against that employee.
If the breach did not lead to lost trade secrets or intellectual property, but instead exposed customer information to outside attack, the business may hire a computer forensics team to evaluate the breach, determine the underlying violation, and attempt to secure the company. Indeed, under California’s Civil Code, businesses have a duty to provide “reasonable security” for a customer’s personal information. According to Senate Bill No. 46 (SB 46), which was passed on September 27, 2013, companies now have a heightened notification requirement to provide notice to customers if a breach has made their usernames or email addresses available to unauthorized third parties. Furthermore, if a company shares this information with a third party, it has a responsibility to ensure the third party also has security measures in place to protect the personal information.