Sony Beware: New Argument Seeks To Establish Standing In 'Harmless' Data Breach Lawsuits
from the people-suing-sony-should-pay-attention dept
Whoever is filing class action lawsuits against Sony for the PSN hack may want to pay attention to a totally different case in Northern California. You see, for years, we’ve noted that judges will toss out lawsuits about data breaches if the person suing can’t show any actual harm. It’s happened again and again and again. To some extent, you can understand the reasoning: if your data wasn’t used to cause you any harm, should you really have much of a legal leg to stand on?
But, of course, the problem with that is that it lessens the damage that can hit companies for being downright careless with your private data. However, this case in the Northern District of California, involving Alan Claridge suing RockYou, has gone differently so far (found via Michael Scott), because Claridge made a different kind of argument:
While many plaintiffs in data breach cases (unsuccessfully) allege harm suffered based on an increased risk of identity theft as well as inconvenience and out-of-pocket expenses associated with credit monitoring, Plaintiff employed a unique argument. As the court described, ?Plaintiff generally alleges that defendant?s customers, including plaintiff, ?pay? for the products and services they ?buy? from defendant by providing their PII [personally identifiable information], and that the PII constitutes valuable property that is exchanged not only for defendant?s products and services, but also in exchange for defendant?s promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant?s role in allegedly contributing to the breach of plaintiff?s PII caused plaintiff to lose the ?value? of their PII, in the form of their breached personal data.?
According to the court, the alleged was enough for purposes of standing. ?On balance, the court declines to hold at this juncture that, as a matter of law, plaintiff has failed to allege an injury in fact sufficient to support Article III standing . . . [T]he court finds plaintiff?s allegations of harm sufficient at this stage to allege a generalized injury in fact.?
The court is still skeptical of the argument, but is at least willing to hear things out. In other words, this is still very early, and it’s at the district court level, so those who like this argument shouldn’t get their hopes up yet. But, it’s certainly making it a case worth watching.
And I’d be remiss in not mentioning that this is the kind of thing that we’ll almost certainly be discussing at our upcoming dinner salon, since it very much taps into the theme of how companies need to act when their “customers” are also their “product,” in terms of the information and data they collect…
Filed Under: data breach, standing
Companies: sony
Comments on “Sony Beware: New Argument Seeks To Establish Standing In 'Harmless' Data Breach Lawsuits”
What about the harm of loss of access to their online network? It might be minimal, but it is enough harm to bring the lawsuit forward to trial. Also potential harm might be a factor. RIAA seems to succeed in that one with the damages they suggest in many of their filesharing lawsuits. We should all just copyright our primary contact information so we can file a copyright violation for Sony data sharing…
head to head fight!!!!
now we have a problem…..
1.last week the “high” court said that “binding arbitration takes president over class action suits”
2.class action suits have a new twist ….
3. sony says bring it on….You must go to binding arbitration..it’s in your eula….one at a time please and we split the cost!!(about $980 per hour in my neck of the woods)
plus the cost of a lower lawyer
4. WHAT??? no takers i can”t imagine why???
Mike, I think you came up with this story simply for the shameless plug.
What steps will you be taking to protect the PII of the participants?
Re: Response to: Pixelation on May 2nd, 2011 @ 6:00pm
TROLL HARDER!
Re: Re:
He’ll be eating it on stage.
It seems to me that a company should have some liability for any information regarding customers that they store. That liability should increase when it is stored beyond the point where it is absolutely necessary. Mainly stored CC#s and SS#s. If you want to store this information, you better be prepared for the consequences of having it cracked from your system. It needs to be unappealing.
@Ironm@sk I was just funnin’.
How is this different than Copyright Infringement? Oh, that's right the **AA's bought the laws
So if individuals have to prove ‘actual harm’ when a company hands over all of their personal information (lets start calling it PIP – Personal Intellectual Property which is what it is after all). Why don’t companies have to prove ‘actual harm’ when an individual hands one piece of their IP to someone else?
Yes, I know it’s because there is a law with a ‘statutory damages’ clause that makes this possible….
So lets get a new law passed (anyone out there own a congress critter to get this going?) applying the same ‘statutory damages’ concept to companies infringing on individuals PIP. I think it would be fair to add a ‘punitive damages’ clause to PIP losses as well, since without these excessive damage awards, companies will never learn that they need to be careful with everyone’s intellectual property, not just their own.
If sharing one song is worth $150,000, I’m sure that sharing one individuals PIP would be worth at least $1,500,000 in statutory damages, and another $5,000,000 in punitive damages, after all one individual could have produced an infinite number of songs/movies/games/software/etc, if only their valuable personal intellectual property hadn’t been stolen by those dirty rotten corporations….
I’m not really serious…. or am i? /sarcasm off