No Harm, No Foul In Yet Another Data Leak Case

from the yet-again dept

Fri, Aug 24th 2007 2:07pm — Mike Masnick

Over the last few years we've been hearing story after story after story about data leaks. These kinds of leaks didn't just start happening, but we're finally hearing about them because of new laws that require disclosure. One of the big problems is that there's very little risk to companies if they leak someone's data. They issue an apology, agree to pay for one year of credit monitoring and go back to storing data in easily leaked ways. Not surprisingly, many of the folks whose data was put at risk don't feel that's adequate and have tried to sue over the matter, but in a decision that mimics earlier decisions the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data. In other words, since they weren't directly harmed, they don't have standing to sue. You can understand the legal reasoning here, but it still makes you question why simply leaking data shouldn't be considered negligence on the part of these companies, even if the data wasn't later used for criminal purposes?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data leaks, liability
Companies: old national bancorp

8 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Matt Bennett, 24 Aug 2007 @ 2:11pm

Well, it's kinda like driving drunk PAST someones kid. You can't be sued, cuz you didn't hit the kid. You could be arrested for drunk driving, though, if y'know, there was a law against that. But there's not.
[ link to this | view in chronology ]
Overcast, 24 Aug 2007 @ 2:33pm

A key word here could very well be, "Yet...."
[ link to this | view in chronology ]
Anonymous Coward, 24 Aug 2007 @ 3:10pm

"the 7th U.S. Circuit Court of Appeals has said that those suing Old National Bancorp have no right to sue, because nothing was actually done with the leaked data."

That's BS. It's personal information given to a company with the promise that it will be kept private. It seems that the Old National Bancorp has probably made some hefty political 'donations' recently.
[ link to this | view in chronology ]
Ronnie Moore, 24 Aug 2007 @ 3:56pm

plain sense
Even if said data is not used these companys are setting themselves up for a major lawsuilt if a number of people's data is used for illegal purpsice. It would simply be eaiser and cheaper to close the barn door before the horse gets out.
[ link to this | view in chronology ]
Anonymous Coward, 24 Aug 2007 @ 5:34pm

One required element for suing for negligence is injury/damage. As the above poster wisely put it, I can't sue because I was "Almost" hit by the drunk driver. However, an interesting thread to follow will be if some of the information is eventually used, when will the statute of limitations start? upon the breach or the actual harm?

Has anyone ever discussed copyrighting their personal information, and only "licensing" it to the banks and credit card companies? then upon breach, suing under the DMCA?
[ link to this | view in chronology ]
Anonymous Coward, 24 Aug 2007 @ 7:38pm

hearing about them because of new laws
I hate to say it but we need more laws to make these breaches illegal in themselves, and enforcing serious punishment for corporate officers.

Why corporate officers? Because they are responsible for running the company. They sure take credit when profits are made.
[ link to this | view in chronology ]
barren waste, 25 Aug 2007 @ 6:39am

hmmm
At the very least it sounds like breach of contract to me. The bank promised to keep the information confidential and then failed to deliver on that promise. Maybe we should all overdraw accounts there, promise to pay it back, then fail to do so. Thats fair isn't it?
[ link to this | view in chronology ]
Clueby4, 27 Aug 2007 @ 3:07pm

Lets use this logic on Civil Copy Right Infringeme
Let them use that logic on civil copyright infringement cases.

The real problem is that there are not real criminal penalties for privacy breaches. Which there should be, since it might force some companies, with dubious justifications, not to require and/or retain personal information.
[ link to this | view in chronology ]