Data Privacy

American businesses spend an average of $7.01 million on a single data breach, including the price of notifying potentially affected individuals and ensuing legal costs. As the amount of data collected from and about people explodes, the number of breaches has also grown. Companies affected by data breaches subsequently face significant enforcement by federal and state regulators, as well as litigation by opportunistic plaintiffs' lawyers. Data privacy, as a result, is predicted to become “the new asbestos.” Reforms can help curb unreasonable costs to businesses while still providing relief to those who have truly been harmed. Read More...

Information holders no longer just have to worry about whether employees are disposing of data correctly—from domestic hackers to hostile foreign governments, cyberattacks have grown in number and in sophistication. As businesses work to navigate the evolving landscape, they find themselves bombarded by federal and state regulators using outdated laws, to plaintiffs seeking large settlements despite showing no actual injury from a data breach.

It is unclear for businesses what the scope of their liability is and to whom. The U.S. has a patchwork of federal laws intended to protect personal information. At the same time, states laws continue to evolve, imposing different (and sometimes contradictory) requirements for data privacy, including when and how victims of data breaches must notify their customers. Regulators have struggled to keep pace with the rising number of incidents and individuals’ concerns, with the result being a piecemeal, hastily-assembled legal regime.

A standard federal law governing breach notification requirements, preempting state laws, would provide much-needed predictability for businesses and protect them from abusive and overlapping enforcement. There is public support for this commonsense solution. Only those who are actually at risk or who have been harmed by a data breach should get notice or be able to sue.

Moreover, vague laws prohibiting unfair and deceptive practices, from Section 5 of the Federal Trade Commission (FTC) Act to similar state laws, are ripe for abuse; the FTC and some state attorneys general have broadly wielded them to go after businesses’ privacy and security practices. To make matters worse, individual and class action plaintiffs, led by the plaintiff’s bar, have jumped on the bandwagon as well.

It is important that privacy laws address real harms and actual injury and place reasonable limits on liability while discouraging meritless suits that simply take advantage of businesses. Holding businesses to impossible standards and allowing excessive and duplicative litigation hurts Americans and the economy.

Suggested Resources

Research
  • Torts of the Future: Addressing the Liability and Regulatory Implications of Emerging Technologies

    Torts of the Future: Addressing the Liability and Regulatory Implications of Emerging Technologies

    March 29, 2017

    Torts of the Future examines the emerging technology sectors of autonomous vehicles, commercial drones, private space exploration, the "sharing economy," and the Internet of Things, and assesses the existing regulatory and litigation environments and future liability trends for each. The paper also draws from experience in each area to present guiding principles for addressing the liability and regulatory implications of emerging technologies. Read More

  • Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation

    Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation

    April 19, 2017

    As data breaches are becoming more commonplace, the plaintiffs' bar is engineer a staggering expansion of liability in the areas of privacy and data security. Class action lawyers are pursuing data privacy cases and amassing fortunes even where no one has been harmed. This paper examines the data privacy and security legal landscape, plaintiffs' bar tactics, major cases and settlements, and a suggested framework for reform. Read More

All Results for Data Privacy

  1. In the News Today - October 10, 2018

    October 10, 2018 | News

    Data Breach-Related Securities Lawsuits on the Rise; Texas Counties To Release Private Lawyer Billing Records for Free; Class Action Settlement "Appears Inaccurate on its Face"... Read More

  2. In the News Today - October 9, 2018

    October 09, 2018 | News

    UK High Court Blocks Class Action, Says Only Lawyers and Funders Will Benefit... Read More

  3. In the News Today - September 28, 2018

    September 28, 2018 | News

    The Administration's "Approach To Data Privacy, And Next Steps"... Read More

  4. Lawyers, Businesses Warn Of Legal Ramifications of Data Privacy Laws

    September 27, 2018 | News

    Lawyers and businesses in the U.S and abroad have expressed concerns over the ramifications of new data privacy laws, according to stories in BankInfoSecurity.com and Broadcasting Cable.... Read More

  5. In the News Today - September 21, 2018

    September 21, 2018 | News

    "How The British Airways Breach Will Reveal The True Cost Of GDPR"... Read More

  6. 20 Years of Tech: How ILR Has Led the Legal Conversation on Emerging Technologies

    August 21, 2018 | Blogs

    ILR continues to confront new issues by identifying trends and applying the latest strategies and tactics to advocate for key legal reforms. ... Read More

  7. In the News Today - August 21, 2018

    August 21, 2018 | News

    Approved $115 Million Settlement Reserves Only 13 Percent of Cash for Victims; West Virginia Senate President Hopes to Start State Supreme Court Impeachment Trials By Mid-September... Read More

  8. U.S. Treasury Calls for National Data Breach Standard

    August 01, 2018 | News

    In a series of recommendations on financial technology regulation, the U.S. Treasury Department called on Congress to create a national standard on data breach notifications, POLITICO reports.... Read More

  9. In the News Today - July 24, 2018

    July 24, 2018 | News

    TCPA the "Poster Child for Abusive Class Action Litigation," Says ILR's Kim; Top Privacy Developments Of 2018, Part 1... Read More

  10. In the News Today - July 10, 2018

    July 10, 2018 | News

    Examining California's New Data Privacy Law... Read More