Chalk up another one for corporations: The Bank of New York Mellon was successful in having a lawsuit against it dismissed. A lawsuit was brought forward when the bank lost a tape with personal information. Encryption software like AlertBoot was not used in to protect the contents of the backup tape, which prompted a number of the bank's clients to sue it.
The loss of the backup tape, which prompted the lawsuit, occurred back in 2008. It's not a secret that the US legal system works slowly. While many might point to it as evidence of a system that is not up to speed and possibly breaking down, I'd like to think that the courts are spending a lot of energy in trying to decide what the correct approach to the issue happens to be. After all, it's also no secret that our laws do not reflect the various social issues that have exploded on the scene with the advent of the digital revolution. At this point, though, it's pretty apparent what the courts think: future-oriented harm is grounds for a summary judgment to the defendants. You can't castigate anyone for hypothetical and conjectural harms. I mean, we've seen what happened in the eastern European bloc during the Cold War: it's a slippery slope.
The loss of the backup tape, which prompted the lawsuit, occurred back in 2008.
It's not a secret that the US legal system works slowly. While many might point to it as evidence of a system that is not up to speed and possibly breaking down, I'd like to think that the courts are spending a lot of energy in trying to decide what the correct approach to the issue happens to be.
After all, it's also no secret that our laws do not reflect the various social issues that have exploded on the scene with the advent of the digital revolution.
At this point, though, it's pretty apparent what the courts think: future-oriented harm is grounds for a summary judgment to the defendants. You can't castigate anyone for hypothetical and conjectural harms. I mean, we've seen what happened in the eastern European bloc during the Cold War: it's a slippery slope.
Nope, instead, plaintiffs must be able to show that they were harmed by a data breach. And, even then, there are caveats: Although several plaintiffs experienced unauthorized credit transactions after the tapes were lost, they acknowledged during discovery that they had not suffered identity theft or any fraud as a result of the tape loss thereby dooming their claims [prokauser.com] As a non-lawyer, I'm not sure why unauthorized credit transactions wouldn't be considered fraud. Perhaps these transactions were reversed (or refunded) by the bank, or possibly the credit card companies, meaning that there was no harm? Regardless, the latest case just goes on to prove what legal experts have said from day one: these is no way to win these lawsuits. In my opinion, a better approach might be to use these same resources (time, money, and energy) into lobbying your representatives for a new law. I mean, currently, the only laws that have any bearing on the issue are the many state laws on data breach notifications, which include security tools like laptop encryption from AlertBoot as a reason for granting safe harbor--not an unjustifiable decision, actually. But, it seems like companies could be pressured to do a little bit more when it comes to data security. The existing laws have successfully revealed that the nation has a problem, and a big one at that. Perhaps now is the time to take the next step.
Nope, instead, plaintiffs must be able to show that they were harmed by a data breach. And, even then, there are caveats:
Although several plaintiffs experienced unauthorized credit transactions after the tapes were lost, they acknowledged during discovery that they had not suffered identity theft or any fraud as a result of the tape loss thereby dooming their claims [prokauser.com]
As a non-lawyer, I'm not sure why unauthorized credit transactions wouldn't be considered fraud. Perhaps these transactions were reversed (or refunded) by the bank, or possibly the credit card companies, meaning that there was no harm?
Regardless, the latest case just goes on to prove what legal experts have said from day one: these is no way to win these lawsuits. In my opinion, a better approach might be to use these same resources (time, money, and energy) into lobbying your representatives for a new law.
I mean, currently, the only laws that have any bearing on the issue are the many state laws on data breach notifications, which include security tools like laptop encryption from AlertBoot as a reason for granting safe harbor--not an unjustifiable decision, actually.
But, it seems like companies could be pressured to do a little bit more when it comes to data security. The existing laws have successfully revealed that the nation has a problem, and a big one at that. Perhaps now is the time to take the next step.
Related Articles and Sites:http://privacylaw.proskauer.com/2010/06/articles/data-breaches/proskauer-litigators-notch-another-victory-for-the-bank-of-new-york-mellon-in-identity-exposure-lawsuit/http://www.databreaches.net/?p=12352