Transparency When It Comes To Online Security Breaches - Technologist
Technologist - The FindLaw Legal Technology Blog

Transparency When It Comes To Online Security Breaches

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.

The hacking of commercial websites can have real world consequences. Case in point: http://www.lush.co.uk

The United Kingdom website for Lush, a cosmetics retailer, voluntarily was shut down after having been hacked recently. According to an announcement posted on the website, ongoing monitoring demonstrated that the site continues to be targeted for further hacking entry attempts.

Thus, in order not to put its customers “at risk,” the website will remain closed. Meanwhile, Lush plans to set up an independent website soon that will be able to take orders for Lush products and will accepts payments via PayPal.

Notwithstanding the hacking and subsequent site shut down, Lush has emphasized that orders can be placed in its stores and over the telephone. That is well and good, but of course, Lush would prefer not to have lost the revenue stream from its UK website. Plainly, hacking causes business interruption and decreased revenue flow for companies that are victims of such activities. And one of the reasons for such interruption and decreased revenues is the potential responsibilities owed by companies to their customers.

Companies will be looked to by their customers and possibly by regulators to be transparent in terms of online security breaches and to protect the private data of customers. Indeed, according to Internet legal expert Jonathan Armstrong, the UK has adopted new rules on online advertising and the Office of Fair Trading there recently instituted a campaign on online fairness.

In a best case scenario, hackers will not be successful in penetrating and disrupting websites. But when they do succeed, remedial actions and openness make abundant sense.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP http://www.duanemorris.com where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com To receive a weekly email link to Mr. Sinrod’s columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.

Related Resources: