Damon W. Silver writes:
Among the multitude of unpleasant issues facing a company whose network has been breached is potential liability to customers and employees whose personal information has been compromised. However, recent district court decisions from around the country continue to limit the opportunity of those customers and employees to have their day in court. Specifically, these cases have held that, in order for a customer or employee whose data has been stolen to gain standing to sue the company that experienced the breach, the customer or employee must show that the stolen data was, in fact, used to the customer or employee’s financial detriment. And such financial detriment must be “concrete.” Increased risk of future harm does not suffice, damages are not recoverable for “mitigation” measures – such as the purchase of credit monitoring services – taken to protect against speculative future harm, and an individual’s allegations that he fears such future harm will generally not be enough to establish a claim for emotional distress.
Read more on Jackson Lewis Workplace Privacy Data Management & Security Law Report.