- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 4th, 2011
Data security breaches are in the news, and companies that experience them are taking public relations hits and suffering loss of consumer confidence. If your business model requires you to collect personal consumer data, you may want to hear about a recent federal case that makes it much easier for consumers to sue companies for data security breaches.
Is data loss – without more – a legally sufficient injury?
Claridge appeared to suffer no measurable damage from the breach, because the hackers apparently did not use Claridge’s personal data for nefarious purposes such as accessing his bank accounts, stealing his identity, or destroying his credit rating. So RockYou filed a motion to dismiss based, in relevant part, on Claridge’s lack of standing under Article 3 of the U.S. Constitution. (In order to sue someone in federal court, you have to allege that you suffered an "injury in fact" – that is a "concrete, tangible, non-speculative harm or loss.") Claridge argued that his personal information was "valuable property" that he exchanged for RockYou’s products and services - and its promise to safeguard that information. While recognizing that personal-information-as-valuable-property was a “novel theory of damages” and expressing “doubts about [Claridge’s] ultimate ability to prove his damages,” the court denied the motion to dismiss, refusing to hold that Claridge had failed to allege an "injury in fact."
Why this matters.
If this theory of damages is adopted by other courts, companies will find it harder to dispose of weak claims at an early stage, adding yet another element to the rising cost of security breaches. In any case, companies must not ignore the importance of protecting consumer data and responding quickly to security breaches. As an initial step, companies should review their online privacy policies to ensure they are keeping their promises to protect personal data.
If you have questions about this alert or any other privacy law matters, please contact Nicole Hyland at (212) 826 5522 or firstname.lastname@example.org, Brian Murphy at (212) 826 5577 or email@example.com, or any other member of the Frankfurt Kurnit Technology, Digital Media and Privacy Group.
Share This Page
Other Technology Law Alerts
Risky Business Just Got Riskier - DOJ Changes Stance on Internet Gambling
Last week the U.S. Department of Justice (DOJ) made waves in the online gambling industry with an Opinion interpreting the Wire Act (18 U.S.C. § 1084). In the Opinion, DOJ's Office of Legal Counsel concluded that most sections of the Wire Act are not limited to sports-related wagers and instead prohibit the use of interstate wires for any bets or wagers. Read more.
January 23 2019
Video Games With Advanced Communications Services Must Now Be Accessible to Players With Disabilities
An important legal waiver recently expired and as a result, video game developers and publishers must now ensure that new and substantially upgraded games comply with the accessibility requirements of the 21st Century Communications and Video Accessibility Act (“CVAA”). Read more.
January 7 2019
Shields On: 9th Circuit Strengthens Legal Defense for Video Game Developers
There's good news for game developers who incorporate real-world elements in their games. On October 20, 2017, the Court of Appeals for the Ninth Circuit affirmed a trial court decision which found that Gran Turismo, a Sony video game, was an expressive work entitled to First Amendment protection Read more.
November 2 2017