Angus Loten reports:
A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused “tangible harm,” a high bar that is getting more cases tossed out of court.
Judges are also requiring plaintiffs to trace any damages back to a particular breach—a tougher condition to meet as more hackers trade stolen data on the dark web.
“The message is clear,” said John Carlin, chair of the cyber group at law firm Paul, Weiss, Rifkind, Wharton & Garrison: “Having personal information exposed in a data breach—which has happened to everyone—is not enough to sue.”
Instead, judges want to see out-of-pocket expenses or actual losses from identity theft or fraud, said James Lee, data privacy and cybersecurity partner at Boies Schiller Flexner. “They are less inclined to find an injury-in-fact for emotional distress or a potential future harm,” he said.
Read more at The Wall Street Journal.