Businesses can expect more court rulings allowing plaintiffs to pursue damages for data breaches, even where there is no evidence the information was ever improperly used, after an influential appeals court ruled on the issue late last month.
The ruling, concerning a breach at Marsh & McLennan Cos. Inc., is the latest in a line of federal and state court rulings that establish that just the risk of damage, rather than actual harm, can be considered a concrete injury and eligible for a damages award.
“You can minimize your cyber risk by encrypting as much sensitive information as humanly possible,” said Joshua Gold, a shareholder with Anderson Kill P.C. in New York.
He said one approach is to segregate and then restrict access to such data as much as possible.
To read this full article, click here.