Virtual Liabilities: Cyber Risks and Self-Storage
The self-storage market has been valued globally at over $40 billion. As part of the industry’s growth and expanded use of technology to operate these businesses, self-storage operators are increasingly exposed as the targets of potential litigation, especially in the area of cyber and data liability.
These days, self-storage operators must not only tackle the regulatory compliance issues that are part of their state lien laws, but they must also hold themselves accountable to a myriad of other laws that impact their day-to-day management. Based on the size of their operations, facility operators must be aware of and comply with the Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act of 2003 (FACTA), California Consumer Privacy Act (CCPA), state and federal security breach notification laws, the Payment Card Industry Data Security Standard (PCI DSS), global requirements under the European Union’s General Data Protection Regulation (GDPR), and other federal and state cyber and data requirements.
As it stands now, all 50 states have enacted some form of data breach notification law, which imposes certain obligations on companies to notify customers when personally identifiable information is compromised. These laws require businesses to provide notification to their affected customers. In some states, notification is required to be made to state regulators and oftentimes incurs the expense of credit monitoring for the customer’s ongoing protection. Another growing area of potential cyber liability arises from the privacy laws that have been enacted already in a number of states, including California, Colorado, and Virginia. These state privacy laws control the types of data that companies can collect, limit how that information can be shared, and provide rights to the customer to “opt out” of any third-party sales (including the right to data destruction after use).
Although there have been discussions about the creation of a federal law to cover all privacy rights, it appears more likely that we’ll see the introduction of state-by-state privacy protection laws, each with their own compliance requirements. Self-storage operators need to be prepared to address these risks and the likely litigation issues which may arise from these risks as part of their standard operations. The following are some risk management obligations for self-storage operators to consider:
1. Re-drafting all web-based and mobile application privacy policies and terms of service provisions to address statutory legal notice requirements.
2. Reviewing all third-party technology licensing agreements and any data sharing agreements to address indemnity provisions for data loss.
3. Preparing action plans to respond to potential allegations of misuse of data, including requests for information from state attorney generals and/or the Federal Trade Commission.
4. Preparing action plans to respond to issues including online defamation and/or violations of social media terms of service.
5. Reviewing cyber insurance coverage solutions to handle data breach defense and related liability expenses.
6. Performing privacy and security-based due diligence to assess risks in mergers and acquisitions including the area of post-closing data integration management.
7. Developing incident response plans and cyber-attack response measures including breach containment, incident investigation, consumer notification, law enforcement and government relations communications, data and evidence preservation, regulatory reporting, and litigation management.
Unfortunately, the risks of cyber liability and compromise via data breach cannot be ignored as the self-storage industry shifts to more and more web-based and mobile applications where customer data is collected, stored, and utilized on a regular basis. The time has come to address these risks and prepare accordingly.
More Content
Popular Posts
The self storage industry is in a precarious...
The REITs new pricing strategy – lowering...
There are an estimated 700,000 hotels in the...
In a booming economy, expendable income...
Boat and RV storage has morphed and...
The question of “abandonment” of stored...
Self-storage is not an industry that is...
Joe Shoen, CEO of U-Haul, has had enough.
National Storage Affiliates Trust (NSA), the...
It’s said that necessity is the mother of...
With the approval of both companies’...
It’s odd that I ever get the “last word,”...
Mother Nature can be a cruel mistress....
As children, most of us played “follow the...
Over the last five years, as the use of...
Recent Posts
Thousands of atoms can be contained in an...
Most storage facility owners want to expand...
"It was one of my first shifts as a new...
Joe Shoen, CEO of U-Haul, has had enough.
Fires in self-storage facilities can have a...
If you’ve read the story about our 2024...
Self-storage is a space that’s full of...