Whose Fault is it When a Company’s Website is Hacked?

Consideration was given for the editing and publication of this post.

The issue of accountability when a company’s website is hacked and a data breach occurring is not that straightforward. Most believe that the business holding such information is at fault for allowing the breach to occur, but if stringent security testing and processes have been put in place then it can be argues there was nothing more that could be done. Still, depending on the exact nature of the hacking, it can sometimes be easier to see where the blame lies.

Current Consumer Laws

The data protection bill is designed to provide some legal level for when data breaches occur in the UK. However, there are still some issues with it and no proper system in place for consumers affected by a data breach to get proper redress. One suggestion is for the process to be streamlined so that independent bodies can represent consumers negatively impacted by a data breach.

In the USA individual state laws provide some level of protection, with California passing the first data breach law in 2003. Such laws require that consumers are notified if any of their personal information is compromised.

Liability for a Data Breach

If the worst happens and your business does experience a hacking and data breach, then there are a few potential parties who could be liable. As always, enough evidence must be present to prove/disprove any liability claims:

  • Web designer: If they have simply copied design code without proper testing
  • Coder/programmers: Again, through negligence in simply copying coding rather than thoroughly testing
  • CMS system: Vulnerabilities within it can lead to a hacking
  • Hosting company: It could be your hosting company is affected by malware or a virus, allowing it to spread
  • Your company: For not putting in place proper testing and security measures to minimise the risk of hacking

Prevention Measures

The best way to significantly reduce the chance of a data breach or hacking is to thoroughly test all protection measures. Constantly update software to ensure the latest versions are in action, offering the most effective protection to deal with evolving threats.

Liability insurance can also help protect businesses, as a data breach can be an expensive problem to deal with, as well as affecting your reputation. There are a wide variety of policies which can be taken out and implemented.

Always be vigilant with your company website where personal consumer data is concerned, to avoid being held responsible for any issues.