Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

KickerFeaturesTopicsCommercial LawRegulationTechnology Media and TelecomSectionsNewsLJN Newsletterse-Commerce Law & Strategy

Privacy v. Data Security

By John Hutchins
February 29, 2016

The year 2005 really marked the beginning of the “era of data breaches,” and with it, the “era of data breach lawsuits.” The ChoicePoint data breach in late 2004, which first became newsworthy in early 2005, was the catalyst. See, “The ChoicePoint Data Security Breach (Feb. '05): What It Means for You,” Privacy Rights Clearinghouse. That breach involved approximately 163,000 records, which by 2005 standards was a “major” data breach, and ChoicePoint was the first organization to notify the data subjects of the breach under the first (and only) data breach notification law in the country ' the California law known back then by privacy experts simply as SB 1386. The media floodgates that opened in the aftermath of ChoicePoint's notification set off a chain reaction that ultimately resulted in similar data breach notification statutes being passed in 47 states, the District of Columbia, and three U.S. Territories, as well as under various federal statutes, including the Gramm-Leach Bliley Act and HIPAA (Health Insurance Portability and Accountability Act). It also resulted in what is now commonplace in the wake of major data breaches ' class action “privacy” litigation on behalf of data subjects, seeking millions of dollars in damages, under a dizzying array of legal theories.

What's perhaps not widely realized is that, more than 10 years later, significant obstacles to would-be class action plaintiffs still exist. In fact, there is still a divide among various U.S. circuit courts as to what is necessary to even establish standing by data subjects in these cases. Many pundits have been theorizing for years that this issue of standing is finally about to be resolved in favor of plaintiffs. But even in the few courts where plaintiffs have achieved favorable decisions on standing, there still has never been a single jury verdict in a consumer class action data breach case. One reason for that is because not a single court in the country has ever even certified a class in such a case. Not one ' in more than 10 years.

Read These Next
The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

The DOJ's New Parameters for Evaluating Corporate Compliance Programs Image

The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations.

Use of Deferred Prosecution Agreements In White Collar Investigations Image

This article discusses the practical and policy reasons for the use of DPAs and NPAs in white-collar criminal investigations, and considers the NDAA's new reporting provision and its relationship with other efforts to enhance transparency in DOJ decision-making.

Bankruptcy Sales: Finding a Diamond In the Rough Image

There is no efficient market for the sale of bankruptcy assets. Inefficient markets yield a transactional drag, potentially dampening the ability of debtors and trustees to maximize value for creditors. This article identifies ways in which investors may more easily discover bankruptcy asset sales.

A Lawyer's System for Active Reading Image

Active reading comprises many daily tasks lawyers engage in, including highlighting, annotating, note taking, comparing and searching texts. It demands more than flipping or turning pages.