As the frequency of data breaches increases, plaintiffs are turning to new legal theories to bring claims against defendants. Organizations of all types and sizes are at risk of data breaches, which can result in severe financial losses and reputational damage. One recent case highlighting the issue is Trevor Miller v. Syracuse University, 5:21-CV-1073-LEK/TWD, 2023 WL 2572937 (N.D.N.Y. Mar. 20, 2023), in which the plaintiff alleged that the university's deficient cybersecurity measures caused a data breach compromising the sensitive information of almost 10,000 individuals. The plaintiff survived a motion to dismiss by alleging claims of negligence, breach of express and implied contracts, and deceptive practices under New York statutory law.
For litigators, it is essential to understand the potential theories of liability involved in data breach lawsuits and to advise clients on how to protect themselves from such lawsuits. Here are some practice points to keep in mind: