A Texas bank recently asked a federal court to declare that its Internet banking security system is “commercially reasonable” in light of the occurrence of a recent online identity theft where consumer’s bank account funds were stolen. One of the bank’s clients stated that it lost funds due to the bank’s failure to “employ commercially reasonable security measures” in its Internet banking system during several wire transfers. However, the bank seeks a judgment that its methods were in fact commercially reasonable, apparently because the bank met industry standards for funds transfers in the banking industry. The bank further alleges in its complaint that the client’s lost funds were caused by a person who obtained access to transmitting facilities of the client or who obtained the information that facilitated the client’s security breach from the client itself, rather than as a result of the online identity theft event that affected the bank’s other consumers.
Tip: It may be possible that by following industry standard measures for data security, a company can avoid liability for failure to adequately protect data or systems through which data is transmitted.