Legal Question in Technology Law in Washington

I know of an organization that has collected thousands of records of information including addresses, DOB, and SSN for people across the US. This information is stored on an accessible cloud share to anyone in the organization and is regularly downloaded to personal computers. The personal computers are not encrypted and are not password protected. The people in charge know that this is not right and continue to keep things status quo. What are the legal ramifications when and not if a data breach occurs?


Asked on 7/29/14, 3:03 pm

1 Answer from Attorneys
Charles Cruikshank Cruikshank Law Office-Since 1975

They probably are safe from any legal repercussions.

The first threshold is one of evidence: How do you prove that these unnamed persons about which you speak are the ones that leaked your personal information, after criminals obtained and used your information to turn your life upside down?

The second threshold is a matter of law: The standard defense in a lawsuit against the people, if they can be identified, who are exposing thousands of other people to risk in this fashion is what courts and lawyers call "assumption of risk."

If you let people have your personal information without some certainty that they will keep it secure, then you have "assumed the risk" of what happens when these people are negligent or even malicious.

The courts may find that you knew or should have known of the risk and agreed to assume that risk for whatever benefit you were seeking when you gave your personal information to the nincompoops who are not willing or able to protect it (and you.)

Read more
Answered on 7/29/14, 4:31 pm


Related Questions & Answers

More Computer & Technology Law questions and answers in Washington