In a Data-Breach Lawsuit, Can Plaintiffs Use a Company’s Data Breach Notice to Establish Standing?
Alex M. Pearce of Ellis & Winters LLP writes:
….. When a business suffers a data breach, state laws require the business to send a notice to affected individuals. Those laws typically prescribe the contents of the required notice—sometimes in detail. North Carolina’s data breach notification statute, for instance, requires the notice to include “[a]dvice that directs the person to remain vigilant by reviewing account statements and monitoring free credit reports.”
An interesting new decision from a federal court in California called Brett v. Brooks Brothers examines how this advice—which one might read as tacitly acknowledging that breaches create a risk of future fraud and identity theft—can affect a court’s standing analysis.
Read more on Lexology.