Last week, the D.C. Circuit joined an increasing number of federal courts applying a broad interpretation of the degree of harm required to satisfy Article III standing and expanding the holding of last summer’s Spokeo, Inc. v. Robbins, 136 S. Ct. 1540 (2016).
Last week, the Eighth Circuit Court of Appeals rejected the district court’s approval of the class action settlement in the Target data breach litigation. See In re Target Corp. Customer Data Sec. Breach Litig., 2017 U.S. App. Lexis 1767 (8th Cir. Feb. 1 2017).
Two decisions last week further widened the divide among the Courts of Appeals in applying Spokeo in cybersecurity litigation.
Two Courts of Appeals have issued decisions during the past week related to cybersecurity and data retention which anyone who maintains electronic data and personal information should read.
In a case that will have significant ramifications for the legal landscape relating to cybersecurity, the Third Circuit Court of Appeals affirmed a lower court’s decision that the Federal Trade Commission (FTC) had the authority to regulate companies’ data security practices.
As the Supreme Court revels in its summer hiatus, and the federal government slows to its August halt, here is a status update and forecast on pending data breach litigation:
Last week the Seventh Circuit reinstated the Neiman Marcus data breach class action, holding that plaintiffs had satisfied Article III’s standing requirements based on at least some of the injuries they alleged. In doing so, the Seventh Circuit became the first federal court of appeals to rule on a challenge to the standing of purported data breach victims in light of the Supreme Court’s decision in Clapper v. Amnesty International, 133 S. Ct. 1138 (2013), and diverged from the growing majority of federal district courts that have held similar allegations are insufficient to confer standing.
Last week, the Eastern District of Louisiana joined the growing majority of district courts around the country that have held increased risk of future identity theft or identity fraud posed by a data breach is not sufficient to confer Article III standing on individuals whose information has been compromised but not yet misused.
The risk of a data breach now tops the list of concerns of many in-house counsel and C-suite executives. Cyber insurance is an important component in managing this risk and mitigating the damages and loss that follow a data breach.
- Cybersecurity and Privacy Law
- Cybersecurity Regulation
- Data Breach
- Class Action Litigation
- Privacy Laws
- General Data Protection Regulation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- Cyber Insurance
- September 2018 Was a Busy Month for Data Privacy
- GDPR - 90 Days Later
- GDPR: Less Than 100 Day and Counting to "G-Day" - Here's What You Need to Know
- SEC Issues Guidance on Cybersecurity Disclosures
- New D.C. Circuit Ruling Finds Substantial Risk of Harm Inherent to Data Breach
- Target Class Action Settlement Temporarily Upended
- Spokeo Continues to Divide the Lower Courts in Cybersecurity Litigation
- Cyber Breach Incident Notification Guidelines Ahead
- CyberSecurity News: Spokeo, Galaria and Braitberg
- Privacy Class Action Dismissed Under Spokeo