No Harm, No Foul In Yet Another Data Leak Case

from the yet-again dept

Over the last few years we've been hearing story after story after story about data leaks. These kinds of leaks didn't just start happening, but we're finally hearing about them because of new laws that require disclosure. One of the big problems is that there's very little risk to companies if they leak someone's data. They issue an apology, agree to pay for one year of credit monitoring and go back to storing data in easily leaked ways. Not surprisingly, many of the folks whose data was put at risk don't feel that's adequate and have tried to sue over the matter, but in a decision that mimics earlier decisions the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data. In other words, since they weren't directly harmed, they don't have standing to sue. You can understand the legal reasoning here, but it still makes you question why simply leaking data shouldn't be considered negligence on the part of these companies, even if the data wasn't later used for criminal purposes?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Matt Bennett, Aug 24th, 2007 @ 2:11pm

    Well, it's kinda like driving drunk PAST someones kid. You can't be sued, cuz you didn't hit the kid. You could be arrested for drunk driving, though, if y'know, there was a law against that. But there's not.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Overcast, Aug 24th, 2007 @ 2:33pm

    A key word here could very well be, "Yet...."

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Aug 24th, 2007 @ 3:10pm

    "the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data."

    That's BS. It's personal information given to a company with the promise that it will be kept private. It seems that the Old National Bancorp has probably made some hefty political 'donations' recently.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Ronnie Moore, Aug 24th, 2007 @ 3:56pm

    plain sense

    Even if said data is not used these companys are setting themselves up for a major lawsuilt if a number of people's data is used for illegal purpsice. It would simply be eaiser and cheaper to close the barn door before the horse gets out.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Aug 24th, 2007 @ 5:34pm

    One required element for suing for negligence is injury/damage. As the above poster wisely put it, I can't sue because I was "Almost" hit by the drunk driver. However, an interesting thread to follow will be if some of the information is eventually used, when will the statute of limitations start? upon the breach or the actual harm?

    Has anyone ever discussed copyrighting their personal information, and only "licensing" it to the banks and credit card companies? then upon breach, suing under the DMCA?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 24th, 2007 @ 7:38pm

    hearing about them because of new laws

    I hate to say it but we need more laws to make these breaches illegal in themselves, and enforcing serious punishment for corporate officers.

    Why corporate officers? Because they are responsible for running the company. They sure take credit when profits are made.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    barren waste, Aug 25th, 2007 @ 6:39am

    hmmm

    At the very least it sounds like breach of contract to me. The bank promised to keep the information confidential and then failed to deliver on that promise. Maybe we should all overdraw accounts there, promise to pay it back, then fail to do so. Thats fair isn't it?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Clueby4, Aug 27th, 2007 @ 3:07pm

    Lets use this logic on Civil Copy Right Infringeme

    Let them use that logic on civil copyright infringement cases.

    The real problem is that there are not real criminal penalties for privacy breaches. Which there should be, since it might force some companies, with dubious justifications, not to require and/or retain personal information.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This