OK, I freely admit that I was trying to be cutesy when I titled my April 19 blog entry “Waiting for More Shoes to Drop?” But it seems that I was prescient, because indeed, another shoe has dropped — in the form of a lawsuit against DSW Shoe Warehouse by the Ohio Attorney General.
The issue of liability for stolen data is going to become an increasingly ripe topic for debate as more and more data breaches become known to the public. A growing number of Federal Trade Commission enforcement actions, such as the Guess? Jeans case, have put companies on notice that they should expect to be held responsible if they fail to take reasonable precautions to prevent data theft.
As I discussed on The David Lawrence Show earlier this week, the idea of holding software companies responsible for security problems in their products isn’t a new one. And it’s only a small logical leap from there to holding companies responsible for failure to use readily available technologies — such as database encryption — to protect vulnerable data.