Monday, November 9, 2015
Standing in Data Breach Cases
Standing in data breach cases has been tossed around with the tossing hinging on "harm" and its reality. The Eastern District court for Pennsylvania weighed into this issue. After years of hesitation to find standing in data breach cases, federal courts are now viewing factors to base standing. When the matter has been the disclosure of personally identifiable information (PII), the courts have not found standing in data breach because they required evidence of actual usage of that PII. The actual suffering of identity theft attacks brings upon the effects that the courts are seeing as highly relevant to finding standing in data breach cases.
In a case where computers were stolen and the files were not encrypted, the court found that the company breached its contract to protect personally identifiable information when the company did not safeguard the computers and did not reasonably invest in cyber security. The court in that light allowed the restitution claim to proceed as well as the breach of contract to protect the PII of employees and former employees.
The harm claimed by the plaintiff was demonstrated by the misappropriation of the plaintiff’s identity and its bank account, in addition to credit cards usage, financial transactions and employment applications filed using plaintiff’s identity. Despite the defendant’s claim that plaintiff’s harms were speculative, the court viewed them as a result of the fraudulent transactions that were made using the plaintiff’s identity and that sufficed to give the plaintiff standing in a data breach case.
See Enslin v. The Coca-Cola Co., No. 2:14-CV-06476 (E.D. Pa. Sept. 29, 2015).
Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.