Sony Beware: New Argument Seeks To Establish Standing In 'Harmless' Data Breach Lawsuits
from the people-suing-sony-should-pay-attention dept
But, of course, the problem with that is that it lessens the damage that can hit companies for being downright careless with your private data. However, this case in the Northern District of California, involving Alan Claridge suing RockYou, has gone differently so far (found via Michael Scott), because Claridge made a different kind of argument:
While many plaintiffs in data breach cases (unsuccessfully) allege harm suffered based on an increased risk of identity theft as well as inconvenience and out-of-pocket expenses associated with credit monitoring, Plaintiff employed a unique argument. As the court described, “Plaintiff generally alleges that defendant’s customers, including plaintiff, ‘pay’ for the products and services they ‘buy’ from defendant by providing their PII [personally identifiable information], and that the PII constitutes valuable property that is exchanged not only for defendant’s products and services, but also in exchange for defendant’s promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant’s role in allegedly contributing to the breach of plaintiff’s PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data.”The court is still skeptical of the argument, but is at least willing to hear things out. In other words, this is still very early, and it's at the district court level, so those who like this argument shouldn't get their hopes up yet. But, it's certainly making it a case worth watching.
According to the court, the alleged was enough for purposes of standing. “On balance, the court declines to hold at this juncture that, as a matter of law, plaintiff has failed to allege an injury in fact sufficient to support Article III standing . . . [T]he court finds plaintiff’s allegations of harm sufficient at this stage to allege a generalized injury in fact.”
And I'd be remiss in not mentioning that this is the kind of thing that we'll almost certainly be discussing at our upcoming dinner salon, since it very much taps into the theme of how companies need to act when their "customers" are also their "product," in terms of the information and data they collect...