Crime against businesses, services and retailers doesn’t usually involve physical businesses as much as it used to. Instead, what we find is a rise in cybercrime from both “freelancers” and hacking syndicates. They want sensitive user information to sell to identity thieves (or use themselves).

Yet, what about the legal consequences to businesses that fall victim to these attacks? Do they have a responsibility to protect information? And what is the extent of that responsibility?

The short answer, it depends.

Let’s look at a few previous cases and breaches to better determine your risk.