Christopher Ballod Quoted by Legaltech News on Capital One Breach
(August 2, 2019) – Data Privacy & Cybersecurity Partner Christopher E. Ballod was recently quoted by Legaltech news for their article “Capital One Breach: Whose Liability Is It Anyway?” The article discusses the recently disclosed massive data breach at Capital One Financial Corp. and whether the bank’s use of Amazon Web Services’ (AWS) cloud infrastructure imputes any liability onto Amazon.
“AWS contracts are very detailed and tend to favor Amazon, not surprisingly. … With contracts like that it’s always difficult to get some liability share onto Amazon or the cloud host,” Mr. Ballod told Legaltech news.
However, as Mr. Ballod also noted, because the alleged perpetrator of the breach is a former AWS employee, this could defeat any contractual limitations of liability if it’s shown that she somehow used proprietary information in order to execute the breach.
“I think it would have to do with what she was exposed to prior during her employment, what Amazon did insofar as making it so she couldn’t take advantage of information she had,” said Mr. Ballod, explaining that companies aren’t required to update their security systems every time they lose an employee, but protecting against potential intrusions from those familiar with a system should begin well before a parting of ways.
Mr. Ballod is a partner in Lewis Brisbois’ Philadelphia and Pittsburgh offices. He has both the Certified Information Privacy Professional/United States (CIPP/US) credential required to perform ISO 27002 audits, and the Certified Information Privacy Professional/Europe (CIPP/E) credential.
Read the full Legaltech news article here (subscription may be required).