Like a rider hailing an overcrowded uberPOOL heading to O’Hare on a busy weekday, the City of Chicago has joined the feeding frenzy surrounding the recently disclosed and controversially handled Uber breach.
At the recent 2017 GreyCastle Cybersecurity Symposium: Generation Cyber, I had the pleasure of presenting the “Top 10 Legal Pitfalls to Avoid in Relation to a Data Breach.”
For years now, business organizations have had a ready and reliable defense to the customer class-action lawsuits that inevitably follow whenever a new data breach is announced: You can’t sue us because any damage from the breach is purely speculative unless the names, addresses, credit card numbers, etc., that were stolen in the attack have actually been misused for fraudulent purchases or identity theft. No harm (yet), no foul.
As we have noted previously on the new DFS cybersecurity regulations, 23 N.Y.C.R.R. Part 500, the regulatory process is—by definition—vastly more swift and adaptable than the legislative process. What may get bogged down in legislative committee for months or years can be hammered out in a matter of days in the administrative state.