Data Losses May Spur LawsuitsBy Matt Hines | Posted 2006-06-08 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce REGISTER >
Corporations may be sued over data breaches if security measures don't improve.From the nation's largest financial services institutions to the local YMCA, legal and privacy experts maintain that organizations that inadvertently or secretly expose their customers' data will increasingly face legal action.
On June 6, the Department of Veterans Affairs was hit with two class action lawsuits related to the theft of an employee's laptop computer. The theft, reported in late May, held the information of 26.5 million current and former servicemen. The veterans behind the suit are seeking $1,000 for each person whose information was stolen.
According to legal experts, most companies are not yet operating under the same type of rigorous data protection statutes that the federal government requires of its branches. That means individuals affected by such data losses at corporate enterprises lack the options available to those who seek legal recourse against a federal government branch.
But the legal tide may turn, and technology managers will be on the front lines securing information to keep their companies out of the courtroom.
"It's very important to enforce our existing privacy laws and bring these types of cases because the government and the private sector seem to be doing such a poor job of safeguarding people's information," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, in Washington. "Enforcement of the Federal Privacy Act is critical to protecting individuals, and we will see more lawsuits."
In some cases, including the Ohio attorney general's pending suit against retailer Designer Shoe Warehouse, plaintiffs will push companies to spell out all the gory details of their customer data mishandlings. In other cases, such as a recently filed class action suit brought by California consumers against a Los Angeles used-car company, Drive Time, plaintiffs will seek financial remuneration against companies that deal customer data to others without first getting permission to do so.
In cases such as these, and in many other scenarios, companies will be held more accountable under the law, experts said.
Rotenberg, a lawyer and law professor at Georgetown University, said that although the Federal Privacy Actpassed by Congress in 1974may need to be updated to address new technologies and electronic data uses, the legislation should serve as a sufficient basis for legal claims as more consumers look for payback.
Other lawyers agree. Ray Everett-Church, an attorney and chief privacy officer at Philadelphia-based consultancy ePrivacy Group, said the Federal Trade Commission's fining of ChoicePoint, a consumer data aggregator found guilty of selling the information of 163,000 Americans to fraudsters, paves the way for future legal action. The FTC fined ChoicePoint $15 million in January for failing to better protect consumer data.
Read the full story on eWEEK.com: Data Losses May Spur Lawsuits