Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

KickerFeaturesTopicsCommercial LawRegulationTechnology Media and TelecomSectionsNewsLJN Newsletterse-Commerce Law & Strategy

Privacy v. Data Security

By John Hutchins
February 29, 2016

The year 2005 really marked the beginning of the “era of data breaches,” and with it, the “era of data breach lawsuits.” The ChoicePoint data breach in late 2004, which first became newsworthy in early 2005, was the catalyst. See, “The ChoicePoint Data Security Breach (Feb. '05): What It Means for You,” Privacy Rights Clearinghouse. That breach involved approximately 163,000 records, which by 2005 standards was a “major” data breach, and ChoicePoint was the first organization to notify the data subjects of the breach under the first (and only) data breach notification law in the country ' the California law known back then by privacy experts simply as SB 1386. The media floodgates that opened in the aftermath of ChoicePoint's notification set off a chain reaction that ultimately resulted in similar data breach notification statutes being passed in 47 states, the District of Columbia, and three U.S. Territories, as well as under various federal statutes, including the Gramm-Leach Bliley Act and HIPAA (Health Insurance Portability and Accountability Act). It also resulted in what is now commonplace in the wake of major data breaches ' class action “privacy” litigation on behalf of data subjects, seeking millions of dollars in damages, under a dizzying array of legal theories.

What's perhaps not widely realized is that, more than 10 years later, significant obstacles to would-be class action plaintiffs still exist. In fact, there is still a divide among various U.S. circuit courts as to what is necessary to even establish standing by data subjects in these cases. Many pundits have been theorizing for years that this issue of standing is finally about to be resolved in favor of plaintiffs. But even in the few courts where plaintiffs have achieved favorable decisions on standing, there still has never been a single jury verdict in a consumer class action data breach case. One reason for that is because not a single court in the country has ever even certified a class in such a case. Not one ' in more than 10 years.

There have been many settlements, and many of them have been quite large. But the settlements have been driven mostly by the non-legal risks of data breaches ' the public relations nightmare, the customer churn, the glare of the regulatory spotlight, and the mounting legal fees.

Read These Next
Yachts, Jets, Horses & Hooch: Specialized Commercial Leasing Models Image

Defining commercial real estate asset class is essentially a property explaining how it identifies — not necessarily what its original intention was or what others think it ought to be. This article discusses, from a general issue-spot and contextual analysis perspective, how lawyers ought to think about specialized leasing formats and the regulatory backdrops that may inform what the documentation needs to contain for compliance purposes.

Hyperlinked Documents: The Latest e-Discovery Challenge Image

As courts and discovery experts debate whether hyperlinked content should be treated the same as traditional attachments, legal practitioners are grappling with the technical and legal complexities of collecting, analyzing and reviewing these documents in real-world cases.

Identifying Your Practice's Differentiator Image

How to Convey Your Merits In a Way That Earns Trust, Clients and Distinctions Just as no two individuals have the exact same face, no two lawyers practice in their respective fields or serve clients in the exact same way. Think of this as a "Unique Value Proposition." Internal consideration about what you uniquely bring to your clients, colleagues, firm and industry can provide untold benefits for your law practice.

Risks and Ad Fraud Protection In Digital Advertising Image

The ever-evolving digital marketing landscape, coupled with the industry-wide adoption of programmatic advertising, poses a significant threat to the effectiveness and integrity of digital advertising campaigns. This article explores various risks to digital advertising from pixel stuffing and ad stacking to domain spoofing and bots. It will also explore what should be done to ensure ad fraud protection and improve effectiveness.

Turning Business Development Plans Into Reality Image

This article offers practical insights and best practices to navigate the path from roadmap to rainmaking, ensuring your business development efforts are not just sporadic bursts of activity, but an integrated part of your daily success.