Data breach litigation and regulatory enforcement: A survey of our present and how to prepare for the future

Behnam Dayanim, Partner and Edward George, Associate, Paul Hastings

Click the button below to download the full text of the article.


Abstract: Americans have grown accustomed to the drumbeat of data breaches, particularly because most have involved credit card data where individuals are protected from harm and almost never suffer out-of-pocket losses. But the more recent data breaches — Equifax, Yahoo! and the United States Office of Personnel Management — raise new concerns because of the amount of highly sensitive data that has been compromised. These compromises have caught the attention of the Federal Trade Commission (FTC), state attorneys general and Congress, and, as a result, the approaches to privacy-related harms are changing. This paper explores the circuit courts of appeals’ approaches to privacy harms in data breach cases, specifically with regard to Article III standing, and the FTC’s approach in its privacy and cyber security enforcement actions. After examining both approaches, this paper concludes with insights into best practices on dealing with the shifting legislative, judicial and regulatory climate surrounding breaches.


Keywords: privacy, cyber security, data breach, standing, Federal Trade Commission, circuit courts of appeals, emerging trends


Behnam Dayanim is a partner in the Washington, DC office of the international law firm Paul Hastings LLP, where he is global co-chair of the Privacy and Cybersecurity Practice and chair of the Advertising and Gaming Practice.


Edward George is an associate in the Privacy and Cybersecurity Practice and the Advertising and Gaming Practice groups.

Read this featured article now.
To read this article and receive further updates on Henry Stewart Publications content please register using the form below.