Specialist data protection and cyber-security lawyers warn that SMEs could suffer disproportionately due to a malicious data protection leak.
Moore Blatch recently carried out research amongst SMEs which shows that 76% of the companies surveyed are concerned about cyber-security, with 17% having experienced a cyber-attack.
However, the issue for small businesses that may cater for high net individuals, such as antique jewellers, could be far worse financially due to the often more personal relationship that they have with their customers and the less utility-based products and services they provide, compared to larger businesses.
The key issue is that, while hackers are most interested in financial information, new legislation allows a customer to seek financial recompense for the distress caused by the loss of all their data, which for many people might mean that the financial data loss could be a secondary issue compared to their purchasing behaviour.
The legislation follows the recent Google Inc. v Vidal-Hall case where it is was agreed that claims can now also be made for emotional distress caused by a breach of the Data Protection Act 1998, even though no financial loss has been suffered.
For example, whilst a gas company may hold the same financial details as an SME, the loss of the product details, i.e. that you are a gas user, is unlikely to cause distress. A jeweller, on the other hand, might lose details of your antique jewellery collection, and the same principle applies across many business types, such as classic car dealers or fine wine sellers and boutique art dealers.
Financial loss because of reputational damage, and loss of trust are also likely to hit SMEs harder as for many this is one of their key trading propositions.
Paul Whitaker, partner, Moore Blatch, says: “The most commonly discussed financial cost relating to a cyber-attack and loss of data is the potential fine from the Information Office Commissioner. But, while this should not be ignored, the real financial issues for many SMEs lie elsewhere, as the loss of the client’s relationship and details about products and services lost could cause far greater emotional stress. Therefore, if an antique jeweller is hacked or loses client data, the claim for emotional distress could be far higher.”