Ask the Compliance Experts: What to do if someone threatens to sue you due to data compliance and processing issues?


In 2021, Webbula launched a video series, 'Ask the Email Experts' where we sat down with email industry experts to discuss various topics within the email marketing world. 

Webbula would like to introduce our new series. 'Ask the Compliance Experts'. A series that will spread compliance and security awareness within the email industry utilizing top deliverability and compliance experts within the industry.

Subscribe to our newsletter to keep up with new each month.  

Are you a compliance expert and want your voice to be heard in the series? Let us know! 


Ask the Compliance Experts: What to do if someone threatens to sue you due to data compliance and processing issues? 

Yanna-Torry Aspraki
Dennis Dayman
Tawab Safi 







Yanna-Torry Aspraki

Deliverability Specialist and CRO of EmailConsul


Of course, some of these “rules” can be a pain to our marketing or lead generation strategy but businesses don’t just wake up to a hefty fine one day unaware of what could have gone wrong. From what I have experienced or heard from my peers, the government is here to help everyone, individuals and businesses/senders. If there are things you aren’t doing correctly or can be done differently, they will advise and warn you. Fines tend to go to businesses who don’t want to change or implement any changes that are needed of them, or that are grossly negligent with data and privacy, for example. The most important part of warnings, fines, or even getting delisted from a blocklist is understanding some changes needed to be implemented. Furthermore, taking those positive steps toward compliance while remaining patient and courteous is crutial. Things won’t change in a day or because you wrote a very angry email. The rule of thumb is following best practices. Always! Personally, I would fear damaging my sender reputation by not following best practices more than getting sued!





Dennis Dayman

Resident Chief Information Security Officer of Proofpoint


The first step is to relax. Remember that most threats don't reach the stage of actual lawsuits because resolving or proving a privacy complaint via a court of law is a high-effort and expensive process. Most customers are likely willing to threaten a lawsuit to show how upset they are with their experience. That being said, that doesn't mean you should completely disregard their threat. Instead, acknowledge their dissatisfaction and follow your escalation procedures. If you rush to a solution or freeze and panic for help, you can end up saying things that further agitate the customer. 
  • Acknowledge the complaint as soon as possible after it is received. Speedy acknowledgment conveys an early impression that your company is responsive and efficient and saves time by preventing the complainant's follow-up. Even if the complaint requires further investigation or will be dealt with informally, quickly acknowledging the complaint can build the foundation for effective communication with the complainant.
  • Understand the reason, identify and address privacy complaints early.
    • It is unlikely that the initial complaint will contain all the information you need to decide how to deal with it. Talking with the complainant gives them a chance to tell their story and know that they are being heard. Ask questions and/or summarize the issues back to the complainant will help ensure you understand their position. This will assist in understanding the complainant's interests and how best to resolve their complaint and will help prevent misunderstandings. It also gives you the opportunity to find out their concerns and why they made the complaint. Sometimes a privacy complaint may express greater dissatisfaction with the company, for example, about how they have been treated. If this appears to be the case, resolving those underlying issues may help resolve the privacy complaint. 

A complainant who believes they have been listened to and their concerns have been heard will be more willing to resolve their complaint.

  • Give a meaningful apology.
    • One of the most common outcomes sought by complainants is an apology. Apologizing does not automatically mean your company agrees that its actions were terrible, nor does it stop a company from providing information about how its actions complied. A person complains because they are unhappy or dissatisfied. Even where your company hasn't breached its obligations, a complaint made means your company's actions negatively impacted the individual. Apologizing for this impact, especially when it is communicated sincerely, can go a long way towards informally resolving the issue and restoring the relationship between the individual and the company.







Tawab Safi

CEO of InnSolu


The first step is to avoid being sued due to data compliance. Data breach lawsuits can be hefty and push you out of business. A lawsuit will only be threatened if there is evidence of negligence or misconduct. If a company is not prepared to deal with the financial implications of litigation, then it may find itself in serious debt. This has been seen many times before where firms have lost millions due to legal proceedings and fees associated with bringing these cases forward. 

In other words, lawsuits can be a costly and unwanted experience for companies. A lawsuit against your company will not only have implications on your monetary resources, but the adverse impacts may spread out to harm the company's brand image, or in worst-case scenarios, some businesses are forced to shut down. To prevent this, have comprehensive security policies and procedures in place. 

If a lawsuit is threatened, the first step is to seek legal counsel, as it will help you understand your risks and exposures. You should also take immediate steps to remediate the issue. This may include increasing security, notifying affected individuals, and cooperating with law enforcement.

Meanwhile, your steps should also be to get to the root cause and determine which of your actions led to the data breach. Once that is done, the immediate next step is to remediate any vulnerabilities that are found, as it will help to prevent a data breach from happening in the first place. 

An ongoing process that a company should always follow is to make sure all staff are trained in different policies and procedures that prevent a data breach. If these steps were not in place previously, now is an excellent time to start the process as it will help to ensure that all staff is aware of their roles and responsibilities in preventing a data breach. 

The next step is to ensure you encrypt sensitive data as it will help protect the data if there is a data breach. If a data breach has been spotted as the root cause, the next step is to cooperate with law enforcement, as it will help to catch the perpetrators, prevent future breaches, and even help you build up your case against the threatening party. 

Another step is to update your firewall and antivirus software with the latest security features to help defend against attacks. 

Simultaneously, you should listen to professional advice from your lawyers. Once you understand your legal rights and obligations better, you can decide how to proceed. Depending on the circumstances, you may be able to reach a compromise with the person who is threatening to sue. Alternatively, you may need to take steps to ensure that your data processing practices comply with the law. You can choose any action, but remember to act quickly and decisively to protect your interests. 


  1. You could be threatened to be sued only if you don't follow best practices for data processing. 
  2. Understanding the risks associated with data processing allows a business to take timely steps to mitigate those risks. 
  3. It is important to have regular reviews of these policies and procedures to make sure they are up-to-date and effective.






If you enjoyed this post, be sure to look for future posts in this video series by signing up for our weekly newsletter!

Check back next month to listen to our next round of email experts' answers to, "What to do if someone threatens to sue you due to data compliance and processing issues."


Verify, Protect and Grow Your Database