Data Privacy

American businesses spend an average of $7.01 million on a single data breach, including the price of notifying potentially affected individuals and ensuing legal costs. As the amount of data collected from and about people explodes, the number of breaches has also grown. Companies affected by data breaches subsequently face significant enforcement by federal and state regulators, as well as litigation by opportunistic plaintiffs' lawyers. Data privacy, as a result, is predicted to become “the new asbestos.” Reforms can help curb unreasonable costs to businesses while still providing relief to those who have truly been harmed. read more...


Information holders no longer just have to worry about whether employees are disposing of data correctly—from domestic hackers to hostile foreign governments, cyberattacks have grown in number and in sophistication. As businesses work to navigate the evolving landscape, they find themselves bombarded by federal and state regulators using outdated laws, to plaintiffs seeking large settlements despite showing no actual injury from a data breach.

It is unclear for businesses what the scope of their liability is and to whom. The U.S. has a patchwork of federal laws intended to protect personal information. At the same time, states have passed their own laws, which impose different (and sometimes contradictory) requirements for data privacy, including when and how victims of data breaches must notify their customers. Regulators have struggled to keep pace with the rising number of incidents and individuals’ concerns, with the result being a piecemeal, hastily-assembled legal regime.

A standard federal law governing breach notification requirements, preempting state laws, would provide much-needed predictability for businesses and protect them from abusive and overlapping enforcement. There is public support for this commonsense solution. Only those who are actually at risk or who have been harmed by a data breach should get notice or be able to sue.

Moreover, vague laws prohibiting unfair and deceptive practices, from Section 5 of the Federal Trade Commission (FTC) Act to similar state laws, are ripe for abuse; the FTC and some state attorneys general have broadly wielded them to go after businesses’ privacy and security practices. To make matters worse, individual and class action plaintiffs, led by the plaintiff’s bar, have jumped on the bandwagon as well.

It is important that privacy laws address real harms and place reasonable limits on liability while discouraging meritless suits that simply take advantage of businesses. Holding businesses to impossible standards and allowing excessive and duplicative litigation hurts Americans and the economy.

Research

A Perilous Patchwork: Data Privacy and Civil Liability in the Era of the Data Breach

October 27, 2015 | This paper provides an overview of the patchwork of civil liability that U.S. companies face over data breaches, including actions by federal regulators, state attorneys general and private plaintiffs.

Lawsuit Ecosystem II: New Trends, Targets and Players

December 04, 2014 | This report, authored by a distinguished group of practitioners, explores the evolving lawsuit "ecosystem." It considers how plaintiffs' lawyers generate litigation and significant developments that will spur more lawsuits or rein in excessive liability.

All Results for Data Privacy

Data Breaches Soar to Record Levels in New York

March 23, 2017 | News and Blog

New York businesses disclosed nearly 1,300 incidents of data security breaches in 2016 that compromised 1.6 million residents, writes Law360. Read More »

In the News Today - March 16, 2017

March 16, 2017 | News and Blog

U.S. courts approved the highest number of securities class action settlements since 2010. Continuing the growth observed in the prior year, there were 85 approved settlements in 2016, five more than in 2015. Both years are a substantial increase over the annual numbers from 2011 through 2014. Additionally, the $6 billion of approved settlements in 2016 was nearly double the total settlement value in 2015. Read More »

Of Lawsuits and Data Security

March 15, 2017 | News and Blog

Technology is a powerful thing. But it can also be very dangerous. It's advancing at a speed that gives businesses, small and large, a plethora of new opportunities to innovate and grow. However, it often outpaces the law. Read More »

In the News Today - February 1, 2017

February 01, 2017 | News and Blog

According to a newly released Pew Research Center study "many Americans lack faith in various public and private institutions to protect their personal information from bad actors." Out of 1,040 adults surveyed, 64 percent reported they have personally experienced a major data breach. Read More »

New FTC Chair Will Shift Data Security Focus to Actual Harm

January 27, 2017 | News and Blog

Maureen Ohlhausen was appointed acting chairwoman of the Federal Trade Commission (FTC) this week. Law360 writes that she is likely to steer the FTC "away from privacy and consumer protection issues where consumer harm isn't crystal clear, and could finally answer businesses' long-standing calls for clarity on what exactly constitutes ‘reasonable' data security efforts." Read More »

In the News Today - January 11, 2017

January 11, 2017 | News and Blog

Tune in at 9:30 am EST as U.S. Chamber of Commerce President and CEO Thomas J. Donohue delivers his annual State of American Business address to outline the top challenges facing the business community and the Chamber's policy priorities for 2017. Click here to watch live. Read More »

Opening Remarks: Lisa A. Rickard

October 27, 2016 | Video

Watch »

In the News Today - June 27, 2016

June 27, 2016 | News and Blog

"Starbucks CEO Howard Schultz must be wincing" over a class action suit against the company for under-filling lattes, "but perhaps he has new appreciation for those who fight America's tort-lawyer thievery." Read More »

  • bulletClick to Narrow Your Results