Inside Business – Small Business Data Concerns

By Joshua J. Butera

Now, more than ever, data is likely a valuable commodity for your business. Customer data is crucial not only for marketing but also can help tailor your products to your customers. Data analytics tools can also help you analyze your own business; providing data on what areas your business is performing well and what areas may need additional attention.

The value that data can bring to your business is balanced by the effort necessary to protect such data. A business may be liable for cybersecurity or data breach if it did not implement sufficient safeguards to protect the data. In addition to any liability, there is also the damage to the business’s goodwill that may follow a data breach. You do not want to be in a position where you have to notify your customers that their personal data was compromised.

Protecting Your Data

The first step in protecting your business’s data is to create a cybersecurity plan. The Federal Communications Commission website provides a customizable guide as a starting point. (It is available here: Your cybersecurity plan should be multi-faceted: you should have a plan for backing up your data (frequency? physically or in the cloud?), educating your employees, and having appropriate anti-virus protection.

Of course, the need to protect your data does not mean your small business needs its own IT department. There are several online services, such as Amazon Web Services and Google Cloud, as well as IT firms of all sizes that can assist your business.

While creating a cybersecurity plan, you may also consider a data retention plan. A data retention plan provides a policy in writing on how long you plan to save certain data and how you intend to do so. There are at least three benefits to having such a policy. First, related to cybersecurity, if you no longer have a need for data, the costs of a data breach or losing that data far outweigh keeping it. Second, although the price of storing data continues to get cheaper, there is nevertheless no need to pay to store date that you do not need. Finally, a formal policy on data retention provides transparency when you do dispose of unwanted data. For example, if you were ever served with a lawsuit and had deleted data relevant to the claim, a formal data retention policy would protect the business by showing that deletion was consistent with the business’s policies.


What if, despite having a cybersecurity plan, your business suffers a data breach? Will your general commercial liability insurance cover any associated losses? It likely depends on the specific language in your insurance policy. There is a separate, robust cybersecurity insurance market and insurers have largely argued that general commercial liability does not cover data breaches. Some courts have held that general commercial liability insurance does cover a data breach, but these rulings are limited to specific policies. Insurers have responded by amending policies and explicitly carving out cybersecurity coverage. To be certain, it is best to review your insurance coverage with your insurance agent and attorney to ensure you have sufficient coverage.

Knowledge Library

Receive Our E-News

Client Review

What is extremely unique about PLDO is that they are great lawyers who actually care about me and my business. They make me feel as if I am the most important client in the firm and I am certain that all of their clients feel the same way. 

Michael Droitcour
PresidentThe Droitcour Company