this post was submitted on 26 Nov 2023
16 points (86.4% liked)

No Stupid Questions

46 readers
1 users here now

There are no stupid questions.

Follow site rules.

Don't be a fascist.

founded 4 years ago
MODERATORS
 

Just something I'm curious about as I can totally imagine it happening in the real world.

Let's say that Healthcorp is a medical services provider of some kind, and as such are required to keep certain records for a certain amount of time. They sign a contract with Archivetopia to keep safe all the records that they absolutely have to hold onto. However, the guy that used to work at GitLab got hired for Archivetopia, and he accidentally deletes a ton of entries from their database, which included Healcorp's records, and there is no way to recover any of it. Then, Healthcorp gets subpoena'd, so they call up Archivetopia only to find out they can't produce the records they need.

Who is liable in this case?

top 13 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 11 months ago

Healthcorp is still liable, you can subcontract a job, but uou can't subcontract the responsibillity.

What I mean is that Healthcorp should have procedures to test the backup, and as soon as it failed, they should inform the government.

It can also be asked, why Healthcorp only had one backup of the data, when it is best practice to have a 3-2-1 backup system, if Archivetopia offered a service as a 3-2-1 solution, why didn't Healthcorp select that? If they did why didn't they verify the claims of the service?

At the end, Healthcorp would get hit with a fine, but they in turn could sue Archivetopia for breach of contract.

[–] [email protected] 8 points 11 months ago (1 children)

That may be the beginning of a chain of lawsuits starting with Healthcorp because the first breach of contract would be between them and the patient. They would then bring a lawsuit against the contractor for their failures that breached contract between companies.

This is guesswork, mind you and if someone has a sure answer I'd be interested in knowing. Great question!

[–] [email protected] 3 points 11 months ago
[–] ultranaut 7 points 11 months ago (2 children)

Unless Healthcorp can be shown to have contributed to the loss of data, I would think Archivetopia will take the full blame. For example, if they knew Archivetopia was prone to losing data and had a good chance of losing their data then perhaps they could also share in the liability.

[–] MimicJar 4 points 11 months ago

That makes the most sense to me. I imagine if Healthcorp were found liable, or even had a hint that they might be liable, they would turn around and sue Archivetopia (or execute whatever penalty clause they had already agreed to, assuming it covered all related damages.)

[–] [email protected] 1 points 11 months ago
[–] [email protected] 4 points 11 months ago (1 children)

Who is liable in this case?

What country did this happen in?

Without this all the answers will be useless if the person answering lives somewhere you don't.

[–] [email protected] 1 points 11 months ago (1 children)

Good point. I guess the US since most people here are probably from there.

[–] [email protected] 2 points 11 months ago (1 children)

most people here are probably from there.

I'm not...

While that may have been true of reddit, I have my doubts.

[–] [email protected] 1 points 11 months ago (1 children)

Fair enough, I'm curious about if this was in your country then.

[–] [email protected] 3 points 11 months ago

My guess would be:

Healthcorp would be in serious trouble as they are responsibly for the records.

Archivetopia would also be up for breach of contract but that would be a separate case and Healthcorp would not be able to abrogate their responsibility.

[–] [email protected] 3 points 11 months ago (1 children)

I'm not a lawyer, but I think this would be on archivetopia. I think the question would be whether healthcorp had taken reasonable care to preserve these records, or had been negligent by leaving them entirely in the hands of archivetopia. It seems to me that the former would be the case, and that archivetopia has failed to appropriately safeguard those files, if a random employee can delete them without any procedures in place to prevent that or to keep additional backups.

Obviously there are multiple points of failure here - any one out of healthcorp, archivetopia, or the employee could have acted differently to prevent this. But if healthcorp had a reasonable expectation that handing these documents over to archivetopia would meet their obligations to preserve them, they should be in the clear - just as they would be if their document warehouse met all health and safety regulations but somehow burned down anyway. In both cases, they did what they could but events beyond their control resulted in data loss. In both cases, there is still a question about reasonable care: Did their warehouse meet all safety requirements? Did they have good reason to believe that these documents would be safe with archivetopia? If the answer to those questions is no, they are still at fault. If yes, they are in the clear.

On top of this, archivetopia is certainly at fault (multiple parties may be in the wrong here). And of course, the employee is at fault, although I don't know if they'd be legally culpable or if it would be an internal matter.

Not a conclusive answer, but I hope this helps to clarify some of the considerations involved.

[–] [email protected] 2 points 11 months ago