Data Privacy

American businesses spend an average of $7.01 million on a single data breach, including the price of notifying potentially affected individuals and ensuing legal costs. As the amount of data collected from and about people explodes, the number of breaches has also grown. Companies affected by data breaches subsequently face significant enforcement by federal and state regulators, as well as litigation by opportunistic plaintiffs' lawyers. Data privacy, as a result, is predicted to become “the new asbestos.” Reforms can help curb unreasonable costs to businesses while still providing relief to those who have truly been harmed. read more...


Information holders no longer just have to worry about whether employees are disposing of data correctly—from domestic hackers to hostile foreign governments, cyberattacks have grown in number and in sophistication. As businesses work to navigate the evolving landscape, they find themselves bombarded by federal and state regulators using outdated laws, to plaintiffs seeking large settlements despite showing no actual injury from a data breach.

It is unclear for businesses what the scope of their liability is and to whom. The U.S. has a patchwork of federal laws intended to protect personal information. At the same time, states have passed their own laws, which impose different (and sometimes contradictory) requirements for data privacy, including when and how victims of data breaches must notify their customers. Regulators have struggled to keep pace with the rising number of incidents and individuals’ concerns, with the result being a piecemeal, hastily-assembled legal regime.

A standard federal law governing breach notification requirements, preempting state laws, would provide much-needed predictability for businesses and protect them from abusive and overlapping enforcement. There is public support for this commonsense solution. Only those who are actually at risk or who have been harmed by a data breach should get notice or be able to sue.

Moreover, vague laws prohibiting unfair and deceptive practices, from Section 5 of the Federal Trade Commission (FTC) Act to similar state laws, are ripe for abuse; the FTC and some state attorneys general have broadly wielded them to go after businesses’ privacy and security practices. To make matters worse, individual and class action plaintiffs, led by the plaintiff’s bar, have jumped on the bandwagon as well.

It is important that privacy laws address real harms and place reasonable limits on liability while discouraging meritless suits that simply take advantage of businesses. Holding businesses to impossible standards and allowing excessive and duplicative litigation hurts Americans and the economy.

Research

The ILR Research Review - Spring 2017

May 08, 2017 | This edition of the ILR Research Review offers valuable insights from ILR's recent research on the latest trends in litigation and the tactics and strategies entrepreneurial plaintiffs' firms are using to expand their business models and bring more lawsuits in local, state, federal, and international courts.

Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation

April 19, 2017 | As data breaches are becoming more commonplace, the plaintiffs' bar is engineer a staggering expansion of liability in the areas of privacy and data security. Class action lawyers are pursuing data privacy cases and amassing fortunes even where no one has been harmed. This paper examines the data privacy and security legal landscape, plaintiffs' bar tactics, major cases and settlements, and a suggested framework for reform.

All Results for Data Privacy

In the News Today - October 16, 2017

October 16, 2017 | News and Blog

Spike in IL lawsuits vs employers over fingerprints, other biometric data may be just the beginning; Carson: Government considering ending use of False Claims Act against FHA lenders Read More »

In the News Today - September 13, 2017

September 13, 2017 | News and Blog

Litigation Risk Ebbs Even As Data Hacks Rise, Report Says: Law firm Bryan Cave released a report on data breach litigation, which found that data breach class actions went up by seven percent in 2016 over 2015, though the number of breaches that attracted litigation went down. Read More »

Inconsistent Data Breach Rulings Raises Chances of SCOTUS Consideration

August 17, 2017 | News and Blog

Circuit courts appear to be split on whether the fear of damage from a potential data breach gives plaintiffs standing to bring a putative class action lawsuit. Experts say this raises the chances the U.S. Supreme Court would consider the issue, writes Business Insurance. Read More »

In the News Today - May 10, 2017

May 10, 2017 | News and Blog

The American Bar Association called on Congress to pursue national data protection standards for companies that handle consumers' financial data. "It's time to get serious about building a security infrastructure that brings banks, payment networks and retailers together," ABA said. "It's time to pass a strong, consistent national standard for fighting data breaches." Read More »

The ILR Research Review - Spring 2017

May 08, 2017 | Research

This edition of the ILR Research Review offers valuable insights from ILR's recent research on the latest trends in litigation and the tactics and strategies entrepreneurial plaintiffs' firms are using to expand their business models and bring more lawsuits in local, state, federal, and international courts. Read More »

In the News Today - April 21, 2017

April 21, 2017 | News and Blog

Trevor McFadden, Acting Principal Deputy Assistant Attorney General for the Department of Justice Criminal Division, said that prosecutors are "committed to wrapping up old Foreign Corrupt Practices Act cases and investigating new ones more quickly." Read More »

Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation

Author: Divonne Smoyer and Kimberly Chow, Reed Smith LLP | April 19, 2017 | Research

As data breaches are becoming more commonplace, the plaintiffs' bar is engineer a staggering expansion of liability in the areas of privacy and data security. Class action lawyers are pursuing data privacy cases and amassing fortunes even where no one has been harmed. This paper examines the data privacy and security legal landscape, plaintiffs' bar tactics, major cases and settlements, and a suggested framework for reform. Read More »

Torts of the Future: Addressing the Liability and Regulatory Implications of Emerging Technologies

Author: Cary Silverman, Phil Goldberg & Jonathan Wilson, Shook, Hardy & Bacon L.L.P. | March 29, 2017 | Research

Torts of the Future examines the emerging technology sectors of autonomous vehicles, commercial drones, private space exploration, the "sharing economy," and the Internet of Things, and assesses the existing regulatory and litigation environments and future liability trends for each. The paper also draws from experience in each area to present guiding principles for addressing the liability and regulatory implications of emerging technologies. Read More »

Data Breaches Soar to Record Levels in New York

March 23, 2017 | News and Blog

New York businesses disclosed nearly 1,300 incidents of data security breaches in 2016 that compromised 1.6 million residents, writes Law360. Read More »

In the News Today - March 16, 2017

March 16, 2017 | News and Blog

U.S. courts approved the highest number of securities class action settlements since 2010. Continuing the growth observed in the prior year, there were 85 approved settlements in 2016, five more than in 2015. Both years are a substantial increase over the annual numbers from 2011 through 2014. Additionally, the $6 billion of approved settlements in 2016 was nearly double the total settlement value in 2015. Read More »

  • bulletClick to Narrow Your Results