March 14, 2016 Articles

Who Can Sue after a Data Breach?

Courts disagree over whether plaintiffs whose data have not been misused have standing.

By Brittany Robbins

In 1793, Thomas Jefferson asked the Supreme Court to issue an advisory opinion addressing 29 foreign affairs issues. 13 Federal Practice and Procedure, Jurisdiction § 3529.1 (3d ed.). The Supreme Court refused to answer them, reasoning that its power was limited to cases and controversies. Supreme Court of the United States, The Court and Constitutional Interpretation (last updated Oct. 15, 2015).

Fast forward 200 years. Business torts, including data breaches, continue to raise traditional standing concerns. A plaintiff filing a data breach lawsuit in federal court must establish an injury in fact that is (1) concrete and particularized and (2) actual or imminent. The injury must be fairly traceable to the challenged action, and it must be likely the injury will be redressed by a verdict for the plaintiff. Lujan v. Defs. of Wildlife, 504 U.S. 555, 560–61 (1992); In re Google, Inc. Privacy Policy Litig. No. 5:12-cv-01382, slip op. at 8 (N.D. Cal. Dec. 3, 2012).

Premium Content For:
  • Litigation Section
Join - Now