top of page


Data Sellers Face Increased Risks for Vendor Breaches

May 9, 2019

Share to:

As data breaches, and claims related to data breaches, become more prevalent, parties that collect or sell data have employed contractual means to insulate themselves from exposure, in the event a third-party vendor mishandles the data.  To draw an analogy, think of this in the context of the New York Labor Law -  building owners contract with general contractors, who in turn, contract with subcontractors, with indemnification flowing "downstream."  The idea being, building owners and general contractors look to protect themselves from liability stemming from the negligence of third parties, and utilize contractual indemnification to protect themselves.

The data breach world has a similar dynamic.  Parties that process, collect and sell data employ, and employ vendors for various reasons, seek to protect themselves from liability stemming from a vendor's mishandling of data.  But according to a <a href="">recent Legaltech News article on breach exposure</a>, the legal responsibility for a breach may still rest with the original seller of that data, regardless of whatever contractual protections that seller has in place.    So much for pushing the liability "downstream!"  The legal analysis of data breaches is literally evolving by the day, both federally and state by state.  If you have questions about this post, or our cyber-liability practice, please contact <a href="">Brian Gibbons</a>.

Headshot of Staff Member


bottom of page