Can I sue a company that compromised my business’s data?
Our K-12 school currently uses a certain web-based company to manage our vast amount of data. This includes personal information, grades, bank accounts, etc.
Today, I noticed that an employee of their company posted a request for help on a forum. Apparently, he was having some trouble with a database connection script. While this is not a problem in itself, the employee posted the entire connection script without blanking out the passwords. The user name and password that is in the script is the master password for the company. It not only has access to our database, but hundreds of other schools as well.
While this probably was unintentional, the fact remains that it was done. We have had other security issues with this company in the fact, too. This lets anyone with knowledge enough to setup a ODBC connection read/write/delete our data. What are our options? Can we sue for Breach of Confidence? Maybe a class-action lawsuit with other schools? Thanks for any advice!
SEYMOUR
Tags: cruzer flashdrive, data center, econometric data analysis, data recovery program, recover data
February 4th, 2009 at 7:05 pm
INA
This is America where you can sue anyone for anything
February 5th, 2009 at 12:19 am
LAVE
You could try. It looks like it’s winnable, with a good lawyer in any event.
February 6th, 2009 at 9:09 pm
ALLY
provided the agreement you signed with this supplier has a clause for secrecy, you can. divulging intelectual property without the oweners consent is an offence. (not only the data in the database is confidential, but so are the paswords that access it)
there might also be a way to pin him on privacy laws, (im not american so im not sure which privacy laws in the us could apply)