Data Breaches Can Lead to Significant Problems for Small Businesses

Millions of small businesses nationwide may need to consider tech insurance as a means of safeguarding themselves against potential issues that may come as a result of suffering data breaches, which are growing more common, and more problematic after the fact.

Many companies are in charge of maintaining and protecting data of all types, and those storing medical information may be particularly at risk for dealing with major problems when it is exposed, either through hacking attacks or accidents, according to a report from Reuters. When lost or stolen laptops, hard drives, and other devices contain sensitive patient information, it's very likely that a lawsuit will soon follow.

Data from the U.S. Department of Health and Human Services shows that since 2009 alone, 587 healthcare data breaches affected more than 22 million people, with almost two in five larger incidents involving information stored on portable devices, the report said. Consequently, dozens of suits have been brought against these companies, and more recently, the ways in which these cases are being claimed has changed dramatically. Plaintiffs in data breach lawsuits used to have major issues proving that the incident caused them financial harm, and so now many lawyers who handle these cases instead sue for breach of contract and unjust enrichment, on a class-action rather than individual basis. In general, it's believed these types of suits could prove far more successful and lead more data breach victims to pursue such paths.

Why this is happening
The reason this could be a better tactic for lawyers to use, in general, is that part of the agreements consumers enter into with companies that maintain their sensitive personal information are expected to do all in their power to protect it, the report said. When they fail to do so, that may be viewed, in some instances, as a breach of contract, because they still received payment from those affected by these incidents. Just such a case in Florida has advanced farther than most other data breach lawsuits, with a circuit court overturning a decision against plaintiffs in a class action suit, rendered originally by a district court, over an insurance company with laptops containing information for 1.2 million having been stolen.

"People are paying the insurance company for a bunch of things, and one of them is to have their information kept secure," Jay Edelson of Edelson LLC in Chicago, who represented the plaintiffs in that case, told the newspaper. "Forget about if people have suffered identity theft: If they paid money and didn't get this protection, they lost the benefit of the bargain, and that's what the court endorsed."

However, other lawyers are less optimistic that these types of suits will succeed because typically when laptops are stolen, it is not because the thieves want the data that may be stored on them, but rather just to resell them for a quick payday, the report said. That, in turn, may mean that plaintiffs have a difficult time proving that they expected specific protocols to be followed when protecting such information.

Why this can be trouble for small business owners
Larger companies that save sensitive data may be far better equipped to protect it than smaller ones because they may have far larger budgets for security. As a consequence, independent companies are typically far more likely to be hit with data breaches that can cause major issues and significantly increase costs. For this reason it may be wise for such companies to invest in small business insurance that specifically shields them against the high costs of remediating data breaches, which can sometimes stretch into the millions.