"In the age of information overload, it is refreshing to have a publication whose primary purpose is to serve and educate its readership. A publication that is governed by the people in the industry is always the most compelling and the quality of experience leveraged and information gathered is immediately evident. This journal serves as an industry standard for excellence in reporting on the many facets of our profession, as well as showing where it is going."
Data breach litigation and regulatory enforcement: A survey of our present and how to prepare for the future
Click the button below to download the full text of the article.
Abstract: Americans have grown accustomed to the drumbeat of data breaches, particularly because most have involved credit card data where individuals are protected from harm and almost never suffer out-of-pocket losses. But the more recent data breaches — Equifax, Yahoo! and the United States Office of Personnel Management — raise new concerns because of the amount of highly sensitive data that has been compromised. These compromises have caught the attention of the Federal Trade Commission (FTC), state attorneys general and Congress, and, as a result, the approaches to privacy-related harms are changing. This paper explores the circuit courts of appeals’ approaches to privacy harms in data breach cases, specifically with regard to Article III standing, and the FTC’s approach in its privacy and cyber security enforcement actions. After examining both approaches, this paper concludes with insights into best practices on dealing with the shifting legislative, judicial and regulatory climate surrounding breaches.
Keywords: privacy, cyber security, data breach, standing, Federal Trade Commission, circuit courts of appeals, emerging trends
Behnam Dayanim is a partner in the Washington, DC office of the international law firm Paul Hastings LLP, where he is global co-chair of the Privacy and Cybersecurity Practice and chair of the Advertising and Gaming Practice.
Edward George is an associate in the Privacy and Cybersecurity Practice and the Advertising and Gaming Practice groups.