Data Privacy

American businesses spend an average of $7.01 million on a single data breach, including the price of notifying potentially affected individuals and ensuing legal costs. As the amount of data collected from and about people explodes, the number of breaches has also grown. Companies affected by data breaches subsequently face significant enforcement by federal and state regulators, as well as litigation by opportunistic plaintiffs' lawyers. Data privacy, as a result, is predicted to become “the new asbestos.” Reforms can help curb unreasonable costs to businesses while still providing relief to those who have truly been harmed. read more...


Information holders no longer just have to worry about whether employees are disposing of data correctly—from domestic hackers to hostile foreign governments, cyberattacks have grown in number and in sophistication. As businesses work to navigate the evolving landscape, they find themselves bombarded by federal and state regulators using outdated laws, to plaintiffs seeking large settlements despite showing no actual injury from a data breach.

It is unclear for businesses what the scope of their liability is and to whom. The U.S. has a patchwork of federal laws intended to protect personal information. At the same time, states have passed their own laws, which impose different (and sometimes contradictory) requirements for data privacy, including when and how victims of data breaches must notify their customers. Regulators have struggled to keep pace with the rising number of incidents and individuals’ concerns, with the result being a piecemeal, hastily-assembled legal regime.

A standard federal law governing breach notification requirements, preempting state laws, would provide much-needed predictability for businesses and protect them from abusive and overlapping enforcement. There is public support for this commonsense solution. Only those who are actually at risk or who have been harmed by a data breach should get notice or be able to sue.

Moreover, vague laws prohibiting unfair and deceptive practices, from Section 5 of the Federal Trade Commission (FTC) Act to similar state laws, are ripe for abuse; the FTC and some state attorneys general have broadly wielded them to go after businesses’ privacy and security practices. To make matters worse, individual and class action plaintiffs, led by the plaintiff’s bar, have jumped on the bandwagon as well.

It is important that privacy laws address real harms and place reasonable limits on liability while discouraging meritless suits that simply take advantage of businesses. Holding businesses to impossible standards and allowing excessive and duplicative litigation hurts Americans and the economy.

Research

The ILR Research Review - Spring 2017

May 08, 2017 | This edition of the ILR Research Review offers valuable insights from ILR's recent research on the latest trends in litigation and the tactics and strategies entrepreneurial plaintiffs' firms are using to expand their business models and bring more lawsuits in local, state, federal, and international courts.

Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation

April 19, 2017 | As data breaches are becoming more commonplace, the plaintiffs' bar is engineer a staggering expansion of liability in the areas of privacy and data security. Class action lawyers are pursuing data privacy cases and amassing fortunes even where no one has been harmed. This paper examines the data privacy and security legal landscape, plaintiffs' bar tactics, major cases and settlements, and a suggested framework for reform.

All Results for Data Privacy

A Perilous Patchwork: Data Privacy and Civil Liability in the Era of the Data Breach

Author: Liisa M. Thomas, Robert H. Newman, and Alessandra Swanson, Winston & Strawn LLP | October 27, 2015 | Research

This paper provides an overview of the patchwork of civil liability that U.S. companies face over data breaches, including actions by federal regulators, state attorneys general and private plaintiffs. Read More »

ILR Summit Series: Is data privacy the next lawsuit megatrend?

October 26, 2015 | News and Blog

Data privacy is a hot topic. With popular companies like Target and Uber facing class action lawsuits over data breaches and new hacks occurring every single day, customers and businesses alike are concerned about data privacy – and the lawsuits that come with data breaches. Read More »

Lawsuit Ecosystem II: New Trends, Targets and Players

Author: Victor E. Schwartz & Cary Silverman, Shook, Hardy & Bacon LLP | December 04, 2014 | Research

This report, authored by a distinguished group of practitioners, explores the evolving lawsuit "ecosystem." It considers how plaintiffs' lawyers generate litigation and significant developments that will spur more lawsuits or rein in excessive liability. Read More »

Perils and Pitfalls: Social Media Law and the Workplace

Author: Sara A. Begley, Joel S. Barras, Divonne Smoyer, and Amanda D. Haverstick, Reed Smith LLP | October 21, 2014 | Research

This paper discusses why and how the increase in workplace social media use presents U.S. employers with considerable risks. The uncertain legal environment created by the inconsistency among state privacy statutes and recent ad hoc social media rulings by the NLRB make social media a high risk area for U.S. businesses. Read More »

A Peek Inside The New Data Privacy Lawsuit Playbook

November 12, 2013 | News and Blog

When a blogger revealed that Facebook tracked users even after they had logged off from Facebook's service, the company thanked him and promised an immediate fix. But plaintiffs' attorneys socked the company with a class action seeking $15 billion in damages for alleged privacy violations, a number just shy of what Facebook raised in its IPO. Read More »

New Research on Lawsuit Trends Headlines Chamber's Legal Reform Summit

October 23, 2013 | Press Release

ILR today identified asbestos, class-action, data privacy, and False Claims Act lawsuits among the leading lawsuit trends, in a paper released at its 14th Annual Legal Reform Summit. Read More »

The New Lawsuit Ecosystem: Trends, Targets and Players

Author: Victor E. Schwartz and Cary Silverman Shook, Hardy & Bacon L.L.P. | October 23, 2013 | Research

Authored by a distinguished group of practitioners, this report examines the developing lawsuit "ecosystem" and areas of litigation of most concern to the business community. Read More »

  • bulletClick to Narrow Your Results
  • 2017 Legal Reform Summit Recap