James Westerlind and Andrew Dykens Interviewed on Data Breach Matters
James and Andrew noted that most courts will say that in a data breach lawsuit, the threat of future harm is not enough to confer standing. According to James and Andrew, “most courts have held that a named plaintiff needs to allege having been the victim of actual identity theft after the data breach.” Although James and Andrew noted that presently, there is an even split among the federal Circuit Courts of Appeals on the issue. When asked whether or not the Supreme Court might review decisions granting or denying standing to data breach victims based on circuit splits, James and Andrew explained that “it is likely that the Supreme Court will grant certiorari because of a widening split between the circuits regarding the extent to which standing may be based on the threat of future harm”.
James and Andrew also addressed the issues that plaintiffs’ counsel should focus on when arguing to establish the threat of harm, and how defendants’ attorneys should respond to data breach lawsuits. “If plaintiffs’ attorneys cannot find actual plaintiffs who have suffered from actual identity theft that may have been caused by the subject of data breach, then they should determine if there is evidence that there was a sophisticated theft of information . . . . Defendant’s counsel should consider a motion to dismiss backed on a lack of Article III standing whenever plaintiffs’ complaint only alleges that the named plaintiffs have suffered the threat of future harm.”
- Related Practices