No Harm, No Foul In Yet Another Data Leak Case

from the yet-again dept

Over the last few years we’ve been hearing story after story after story about data leaks. These kinds of leaks didn’t just start happening, but we’re finally hearing about them because of new laws that require disclosure. One of the big problems is that there’s very little risk to companies if they leak someone’s data. They issue an apology, agree to pay for one year of credit monitoring and go back to storing data in easily leaked ways. Not surprisingly, many of the folks whose data was put at risk don’t feel that’s adequate and have tried to sue over the matter, but in a decision that mimics earlier decisions the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data. In other words, since they weren’t directly harmed, they don’t have standing to sue. You can understand the legal reasoning here, but it still makes you question why simply leaking data shouldn’t be considered negligence on the part of these companies, even if the data wasn’t later used for criminal purposes?

Filed Under: ,
Companies: old national bancorp

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No Harm, No Foul In Yet Another Data Leak Case”

Subscribe: RSS Leave a comment
Anonymous Coward says:

“the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data.”

That’s BS. It’s personal information given to a company with the promise that it will be kept private. It seems that the Old National Bancorp has probably made some hefty political ‘donations’ recently.

Anonymous Coward says:

One required element for suing for negligence is injury/damage. As the above poster wisely put it, I can’t sue because I was “Almost” hit by the drunk driver. However, an interesting thread to follow will be if some of the information is eventually used, when will the statute of limitations start? upon the breach or the actual harm?

Has anyone ever discussed copyrighting their personal information, and only “licensing” it to the banks and credit card companies? then upon breach, suing under the DMCA?

Clueby4 says:

Lets use this logic on Civil Copy Right Infringeme

Let them use that logic on civil copyright infringement cases.

The real problem is that there are not real criminal penalties for privacy breaches. Which there should be, since it might force some companies, with dubious justifications, not to require and/or retain personal information.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...