'No Harm No Foul' Becoming The Norm In Data Breach Lawsuits

from the no-blood-no-foul dept

Back in April, a judge ruled that Wells Fargo should not be penalized for a data breach because there was no evidence that those who acquired the data had done anything criminal with it. This seemed like poor reasoning; Wells Fargo had no control whether anyone would use the data in a criminal manner, but it did have control over how it stored the data. In that case, data was lost because it was stored in an unencrypted format on a laptop. Certainly some could argue that that was negligent. But it looks like this line of reasoning is becoming standard. A recent suit brought against data broker Axciom for letting customer data slip out was dismissed since the plaintiffs couldn't prove that anything bad had been done with it. Again, either the company was negligent in letting personal data out, or it wasn't; that should be the measure upon which these cases are decided, not what was done later with the data. There is a flipside, which is that if plaintiffs started winning these cases, data breach lawsuits could easily become the latest class action charade (We can see the commercials now, "Has your personal data been leaked? Call the law offices of..."). But companies can't keep getting let off the hook just because harm can't be proven, or they'll have little incentive to protect the data.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 19 Oct 2006 @ 12:41pm


    The "harm" is unlawful disclosure of my personal information. The question unanswered by the courts is how much is my personal information worth? Even if its $1 and the damage was done by negligence then the company should be required to pay $1 per account. If its $10 then.. again.. $10 per account.

    Its the same thing as your neighbor borrowing your lawnmower then selling it. Even if the lawnmower was never used and was later returned undamaged does not mean your neighbor isn't liable for "unlawful deprivation of property".

    In this case I may have opened an account, provided my personal information and expected the company to either return or destroy that information when it was finished. To simply "leave the door open" so anyone can take my “borrowed” stuff is, at best, an ethics violation. At worst, in my eyes, its criminal deprivation of property.

    Of course another issue for the courts to address is weather you actually own your personal information and therefore have any right to it. If we, as a society, succeed our identities for the highest bidder (or most clever hacker) then we have nobody else to blame but ourselves.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.