Who Has Standing in a Data Breach Litigation? In The Third Circuit, Fear of Speculative Future Harm Still Doesn’t Cut It
Aaron Garavaglia and Kristin Bryan of Squire Patton Boggs write:
As the number of data breaches continue to rise, so too will the number of lawsuits filed. As CPW previously reported, the number of data breaches in 2020 was more than double that of 2019. One can only wonder what 2021 will bring. Yet with this increase in data breach litigation, a recent opinion within the Third Circuit reminds us of the crucial issue of standing, which is often challenged at the onset of a lawsuit. In a data breach, when (if ever) does a plaintiff suffer an actual injury? Is the disclosure of certain categories of information in a breach, such as Social Security numbers, by itself enough, or must (as the majority of courts have held) a plaintiff allege that she was actually the victim of identity theft and fraudulent charges were placed on her accounts? Clemens v. Execupharm, Inc., No. 20-cv-3383, 2021 U.S. Dist. LEXIS 35178 (E.D. Pa. Feb. 25, 2021) reminds us that the Third Circuit at least requires more than theft or disclosure of personal information for a plaintiff to have standing in a data breach litigation.
Read more on Consumer Privacy World.