Over the last few years we've been hearing story after story after story about data leaks. These kinds of leaks didn't just start happening, but we're finally hearing about them because of new laws that require disclosure. One of the big problems is that there's very little risk to companies if they leak someone's data. They issue an apology, agree to pay for one year of credit monitoring
and go back to storing data in easily leaked
ways. Not surprisingly, many of the folks whose data was put at risk don't feel that's adequate and have tried to sue over the matter, but in a decision that mimics
the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue
, because nothing was actually done with the leaked data. In other words, since they weren't directly harmed, they don't have standing to sue. You can understand the legal reasoning here, but it still makes you question why simply leaking data shouldn't be considered negligence on the part of these companies, even if the data wasn't later used for criminal purposes?