Cybersecurity and data privacy litigation continues to grow rapidly in scale and complexity. Putative class actions not only follow major data breaches but also increasingly allege vulnerabilities in a wide range of products, from cars to toys, even before any attack has occurred. And plaintiffs continue to assert privacy claims against both cutting-edge technologies and longestablished business practices.
Significant financial and reputational risks can accompany cybersecurity and data privacy litigation. These high stakes make it important for companies to respond strategically and practically. To that end, while each case differs, companies generally should evaluate the following five questions if they face cybersecurity or data privacy litigation.
Does the Plaintiff Have Standing?
Whether a plaintiff has standing to bring suit in federal court continues to be a central question in most, if not all, cybersecurity and data privacy cases. In particular, whether the plaintiff has suffered an injury in fact is frequently pivotal. The US Supreme Court’s recent decision in Spokeo, Inc. v. Robins, 135 S. Ct. 1540 (2016), clarified that a plaintiff cannot merely allege a technical legal violation but must suffer an actual, real-world injury (or face the certainly impending threat of one). Companies will look to rely on the Spokeo decision in the coming years, including as they litigate the types of future injuries that may still be sufficient to confer standing under Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013). A judge in the Sixth Circuit recently noted that the US courts of appeals already have split on that latter point, for example, and further significant litigation is highly likely. For the full article click here
from cyber security caucus http://cybersecuritycaucus.com/united-states-five-questions-general-counsels-should-ask-about-cybersecurity-and-data-privacy-litigation/
via IFTTT
No comments:
Post a Comment