Standing in Data Breach Cases: A Review of Recent Trends

Robert D. Fram, Simon J. Frankel and Amanda C. Lynch of Covington & Burling write:

For most substantial companies, it is said, experiencing a data breach is not a matter of “if,” but “when.” Particularly when a company is consumer-facing, any publicized data breach is likely to be followed by consumer class action lawsuits.

For several years, Covington and other litigation defense teams have succeeded in obtaining dismissals of class action privacy and security lawsuits at an early stage because named plaintiffs have failed to prove sufficient actual harm to merit standing to sue. And we are engaged in briefing how the law of standing will be addressed by the U.S. Supreme Court in its next term in the case of Robins v. Spokeo Inc., 742 F.3d 409 (9th Cir. 2014), cert.granted, 135 S. Ct. 1892 (Apr. 27, 2015) (No. 113-1339).1

This article addresses how courts approach standing in data breach cases following the Supreme Court’s decision in Clapper v. Amnesty International, 133 S. Ct. 1138 (2013), and analyzes which alleged injuries are more likely to be durable in the face of a motion to dismiss.

Read more on Bloomberg BNA.

About the author: Dissent