If your company handles other people’s sensitive data through a software vendor, two questions are now urgent. First, can you still rely on the longstanding California defense that says no liability attaches unless an unauthorized party actually viewed the data? And second, when a vendor sits between you and the end users whose information was exposed, who exactly has the …
