October 27, 2015

A Perilous Patchwork: Data Privacy and Civil Liability in the Era of the Data Breach

After a data breach, companies are often accused of having failed to adequately protect their customers’ information, with that failure-so the argument goes-having led to the breach. Who brings these allegations? Many may think that they are brought by “the government.” However, there is no single agency in the United States charged with enforcing data protection. Instead, there is a patchwork of regulatory agencies that handle these issues, depending on both the nature of the company’s business and the activities in which it engages.

Historically, the Federal Trade Commission (FTC) has taken the lead in privacy law enforcement, largely bringing privacy violation actions under an unfair or deceptive trade practice theory. Now, however, with the rise of security breaches and an ever-increasing ability for companies to collect, store, and make use of consumer data, state attorneys general (AGs) and the class action bar are joining the brigade by bringing privacy-related actions under varied legal theories. This medley of enforcers and laws, coupled with the evolving nature of privacy concerns generally, means that companies in the United States face significant compliance challenges both when developing new products and technology and when establishing or refining programs to protect existing data and information systems.

What does all of this mean? As companies face the reality that they may be the next victim of a data breach, they must also understand and prepare themselves for the additional legal challenges that could follow. This is an area of the law that is constantly developing, and courts have had different interpretations of what plaintiffs must show to maintain a suit. It is clear that businesses are faced with a multifaceted enforcement landscape, which adds a significant layer of complexity to the existing collection of data-privacy-related laws that companies must juggle.

View PDF
ILR Briefly: A Bad Match: Illinois and the Biometric Information Privacy Act Data Privacy ILR Briefly: Municipality Litigation: A Continuing Threat Municipality Litigation, State Attorneys General Litigation vs. Restoration: Addressing Louisiana's Coastal Land Loss Municipality Litigation, State Attorneys General ILR Briefly COVID-19 Series: Liability Overview COVID-19 Liability, Data Privacy, False Claims Act (FCA), Securities Litigation Reform, Third Party Litigation Funding (TPLF) 2019 Winter | ILR Research Review | Volume 6, Issue 3 Data Privacy, Third Party Litigation Funding (TPLF)
We Use Cookies to Make your Experience Better

What do we use cookies for?

We use cookies and similar technologies to recognize your repeat visits and preferences, as well as to measure the effectiveness of campaigns and analyze traffic. To learn more about cookies, including how to disable them, view our Cookie Policy. By clicking "I Accept" or "X" on this banner, or using our site, you consent to the use of cookies unless you have disabled them.