To reduce threat of lawsuits, “friend” risk management best practices

By Toby Levy, Vice President, Technology

Facebook is the subject of a class action suit over claims that Facebook violated it's privacy agreement by accessing users’ private messages, scanning links sent in messages and sharing this activity with advertisers, data aggregators and marketers. The lawsuit demands $100 per user for each day of violation, or $10,000 per user.

Privacy concerns create risk for Tech companies

Privacy continues to be a hot button issue among consumers — and makes the headlines. The reality is that many of our activities offline, as well as online, are tracked: shopping habits are profiled via savings and loyalty cards; traffic cameras designed to catch violators watch our comings and goings; credit card companies profile and share users’ spending habits.

But as accusations of privacy violations continue to be launched, Tech companies that collect, store or share consumer data are at risk. Even if a consumer lawsuit is dismissed, defending a lawsuit can cost the firm thousands and ruin its reputation with negative publicity.

Tips for reducing for consumer liability

Here are some steps Tech companies can take to reduce their risk:

  • Understand privacy expectations – No matter the size of the firm, when collecting consumer data, consumers should be informed about how data will be used, whether it will be shared, and have a means to opt-out of data collection if they choose.
  • Review consumer-facing privacy notices often – In addition to ensuring that privacy notices are easy to find and understand, the policy should be reviewed often. For example, whenever a new partnership or marketing approach is developed, current privacy notices and terms and conditions should be reviewed by the legal team. Keeping records of “due diligence” will go a long way toward bolstering the defense against a consumer lawsuit.
  • Check the data security of partners – Don’t forget the cyberliability angle of privacy. Tech companies should make sure their partners have good practices to guard against data breach. When companies transfer personally identifiable information to a third-party, they still could be held liable if the partner accidentally loses or shares data or it is breached by hackers.
  • Evaluate Errors & Omissions coverage – Cases like the one against Facebook punctuate the need for Technology-specific Errors & Omissions coverage, a coverage that some Tech companies may resist. Help clients understand that the coverage will help to protect the company financially against accusations of privacy breach, and other lawsuits alleging financial injury to a third-party arising from their products or services.