- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 4th, 2011
Data security breaches are in the news, and companies that experience them are taking public relations hits and suffering loss of consumer confidence. If your business model requires you to collect personal consumer data, you may want to hear about a recent federal case that makes it much easier for consumers to sue companies for data security breaches.
Is data loss – without more – a legally sufficient injury?
Claridge appeared to suffer no measurable damage from the breach, because the hackers apparently did not use Claridge’s personal data for nefarious purposes such as accessing his bank accounts, stealing his identity, or destroying his credit rating. So RockYou filed a motion to dismiss based, in relevant part, on Claridge’s lack of standing under Article 3 of the U.S. Constitution. (In order to sue someone in federal court, you have to allege that you suffered an "injury in fact" – that is a "concrete, tangible, non-speculative harm or loss.") Claridge argued that his personal information was "valuable property" that he exchanged for RockYou’s products and services - and its promise to safeguard that information. While recognizing that personal-information-as-valuable-property was a “novel theory of damages” and expressing “doubts about [Claridge’s] ultimate ability to prove his damages,” the court denied the motion to dismiss, refusing to hold that Claridge had failed to allege an "injury in fact."
Why this matters.
If this theory of damages is adopted by other courts, companies will find it harder to dispose of weak claims at an early stage, adding yet another element to the rising cost of security breaches. In any case, companies must not ignore the importance of protecting consumer data and responding quickly to security breaches. As an initial step, companies should review their online privacy policies to ensure they are keeping their promises to protect personal data.
If you have questions about this alert or any other privacy law matters, please contact Nicole Hyland at (212) 826 5522 or firstname.lastname@example.org, Brian Murphy at (212) 826 5577 or email@example.com, or any other member of the Frankfurt Kurnit Technology, Digital Media and Privacy Group.
Other Technology Law Alerts
Shields On: 9th Circuit Strengthens Legal Defense for Video Game Developers
There's good news for game developers who incorporate real-world elements in their games. On October 20, 2017, the Court of Appeals for the Ninth Circuit affirmed a trial court decision which found that Gran Turismo, a Sony video game, was an expressive work entitled to First Amendment protection
November 2 2017
FTC Settles First-Ever Action Against Individual “Influencers”
September 18 2017
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017