No Harm, No Foul In Yet Another Data Leak Case
from the yet-again dept
Over the last few years we’ve been hearing story after story after story about data leaks. These kinds of leaks didn’t just start happening, but we’re finally hearing about them because of new laws that require disclosure. One of the big problems is that there’s very little risk to companies if they leak someone’s data. They issue an apology, agree to pay for one year of credit monitoring and go back to storing data in easily leaked ways. Not surprisingly, many of the folks whose data was put at risk don’t feel that’s adequate and have tried to sue over the matter, but in a decision that mimics earlier decisions the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data. In other words, since they weren’t directly harmed, they don’t have standing to sue. You can understand the legal reasoning here, but it still makes you question why simply leaking data shouldn’t be considered negligence on the part of these companies, even if the data wasn’t later used for criminal purposes?
Filed Under: data leaks, liability
Companies: old national bancorp
Comments on “No Harm, No Foul In Yet Another Data Leak Case”
Well, it’s kinda like driving drunk PAST someones kid. You can’t be sued, cuz you didn’t hit the kid. You could be arrested for drunk driving, though, if y’know, there was a law against that. But there’s not.
A key word here could very well be, “Yet….”
“the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data.”
That’s BS. It’s personal information given to a company with the promise that it will be kept private. It seems that the Old National Bancorp has probably made some hefty political ‘donations’ recently.
plain sense
Even if said data is not used these companys are setting themselves up for a major lawsuilt if a number of people’s data is used for illegal purpsice. It would simply be eaiser and cheaper to close the barn door before the horse gets out.
One required element for suing for negligence is injury/damage. As the above poster wisely put it, I can’t sue because I was “Almost” hit by the drunk driver. However, an interesting thread to follow will be if some of the information is eventually used, when will the statute of limitations start? upon the breach or the actual harm?
Has anyone ever discussed copyrighting their personal information, and only “licensing” it to the banks and credit card companies? then upon breach, suing under the DMCA?
hearing about them because of new laws
I hate to say it but we need more laws to make these breaches illegal in themselves, and enforcing serious punishment for corporate officers.
Why corporate officers? Because they are responsible for running the company. They sure take credit when profits are made.
hmmm
At the very least it sounds like breach of contract to me. The bank promised to keep the information confidential and then failed to deliver on that promise. Maybe we should all overdraw accounts there, promise to pay it back, then fail to do so. Thats fair isn’t it?
Lets use this logic on Civil Copy Right Infringeme
Let them use that logic on civil copyright infringement cases.
The real problem is that there are not real criminal penalties for privacy breaches. Which there should be, since it might force some companies, with dubious justifications, not to require and/or retain personal information.