U.S. Appeals Court lowers burden of proof for data breach lawsuits
An October decision of the 4th US Circuit Court of Appeals in Virginia has — yet again — altered the risk calculus of data breaches by easing litigants’ ability to successfully sue breached companies in limited situations.
The case involved an insurance company data breach that resulted in the driver’s license information of almost 3 million customers being leaked. Until this appellate decision, most courts had ruled that having certain types of data stolen alone is not sufficient to prove damages. With such data, plaintiffs must provide proof of actual damage or evidence of actual fraud, the courts have mostly ruled.
Whereas theft of private data, such as medical records, has automatically been considered damaging, most data available from a driver’s license, for example, is public, with even a driver’s license number not helpful to a fraudster, unless joined with other information to enable identity theft. Courts have ruled that plaintiffs must prove thieves had indeed accessed multiple pieces of information.
Read more at CSO Online