- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 4th, 2011
Data security breaches are in the news, and companies that experience them are taking public relations hits and suffering loss of consumer confidence. If your business model requires you to collect personal consumer data, you may want to hear about a recent federal case that makes it much easier for consumers to sue companies for data security breaches.
Is data loss – without more – a legally sufficient injury?
Claridge appeared to suffer no measurable damage from the breach, because the hackers apparently did not use Claridge’s personal data for nefarious purposes such as accessing his bank accounts, stealing his identity, or destroying his credit rating. So RockYou filed a motion to dismiss based, in relevant part, on Claridge’s lack of standing under Article 3 of the U.S. Constitution. (In order to sue someone in federal court, you have to allege that you suffered an "injury in fact" – that is a "concrete, tangible, non-speculative harm or loss.") Claridge argued that his personal information was "valuable property" that he exchanged for RockYou’s products and services - and its promise to safeguard that information. While recognizing that personal-information-as-valuable-property was a “novel theory of damages” and expressing “doubts about [Claridge’s] ultimate ability to prove his damages,” the court denied the motion to dismiss, refusing to hold that Claridge had failed to allege an "injury in fact."
Why this matters.
If this theory of damages is adopted by other courts, companies will find it harder to dispose of weak claims at an early stage, adding yet another element to the rising cost of security breaches. In any case, companies must not ignore the importance of protecting consumer data and responding quickly to security breaches. As an initial step, companies should review their online privacy policies to ensure they are keeping their promises to protect personal data.
If you have questions about this alert or any other privacy law matters, please contact Nicole Hyland at (212) 826 5522 or firstname.lastname@example.org, Brian Murphy at (212) 826 5577 or email@example.com, or any other member of the Frankfurt Kurnit Technology, Digital Media and Privacy Group.
Other Technology Law Alerts
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017
ZeniMax v. Oculus: Lessons from a $500 Million VR Case Verdict
The Oculus Rift has been one of the most anticipated technology developments in modern video game history. Now — as a result of avoidable mistakes — it is also a teaching case for lawyers advising clients in the interactive entertainment space. Here's a rundown of the case and the traps the developers fell into.
February 9 2017
Are Augmented Reality Games Liable for Depictions of Buildings, Trademarks or Artwork?
In the few weeks since its release, Pokémon™ GO has dominated the interactive entertainment landscape. The augmented reality game has reportedly achieved more than 30 million downloads and lots of buzz. But as its popularity grows, so do questions about its legal implications - including the use of landmarks, buildings, monuments, and other frequented locations.
July 27 2016