from the people-suing-sony-should-pay-attention dept
Whoever is filing class action
lawsuits against Sony for the
PSN hack may want to pay attention to a totally different case in Northern California. You see, for years, we've noted that judges will
toss out lawsuits about data breaches if the person suing can't show any actual harm. It's happened
again and
again and
again. To some extent, you can understand the reasoning: if your data wasn't used to cause you any harm, should you really have much of a legal leg to stand on?
But, of course, the problem with that is that it lessens the damage that can hit companies for being downright careless with your private data. However, this case in the Northern District of California, involving Alan Claridge suing RockYou,
has gone differently so far (found via
Michael Scott), because Claridge made a different kind of argument:
While many plaintiffs in data breach cases (unsuccessfully) allege harm suffered based on an increased risk of identity theft as well as inconvenience and out-of-pocket expenses associated with credit monitoring, Plaintiff employed a unique argument. As the court described, “Plaintiff generally alleges that defendant’s customers, including plaintiff, ‘pay’ for the products and services they ‘buy’ from defendant by providing their PII [personally identifiable information], and that the PII constitutes valuable property that is exchanged not only for defendant’s products and services, but also in exchange for defendant’s promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant’s role in allegedly contributing to the breach of plaintiff’s PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data.”
According to the court, the alleged was enough for purposes of standing. “On balance, the court declines to hold at this juncture that, as a matter of law, plaintiff has failed to allege an injury in fact sufficient to support Article III standing . . . [T]he court finds plaintiff’s allegations of harm sufficient at this stage to allege a generalized injury in fact.”
The court is still skeptical of the argument, but is at least willing to hear things out. In other words, this is still very early, and it's at the district court level, so those who like this argument shouldn't get their hopes up yet. But, it's certainly making it a case worth watching.
And I'd be remiss in not mentioning that this is the kind of thing that we'll almost certainly be discussing at our
upcoming dinner salon, since it very much taps into the theme of how companies need to act when their "customers" are also their "product," in terms of the information and data they collect...
Filed Under: data breach, standing
Companies: sony
