All posts in Lawsuits

When Do Data Breaches Cause Harm?

Daniel Solove
Founder of TeachPrivacy

 

Harm has become the key issue in data breach cases. During the past 20 years, there have been hundreds of lawsuits over data breaches. In many cases, the plaintiffs have evidence to establish that reasonable care wasn’t used to protect their data. But the cases have often been dismissed because courts conclude that the plaintiffs have not suffered harm as a result of the breach. Some courts are beginning to recognize harm, leading to significant inconsistency and uncertainty in this body of law.

Continue Reading

A Gaping Hole in Consumer Privacy Protection Law

Daniel Solove
Founder of TeachPrivacy

A Gaping Hole in Consumer Privacy Protection Law

Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. The result is that there is now a gaping hole in consumer privacy protection law.

Continue Reading

The Hulk Hogan Gawker Sex Video Case, Free Speech, and the Verdict’s Impact

Daniel Solove
Founder of TeachPrivacy

Wikicommons - Public Domain Photo by Kristin Fitzsimmons

In a high-profile privacy lawsuit, former pro-wrestler Hulk Hogan won a $115 million jury verdict against Gawker for posting his sex video without his consent. Hulk Hogan, whose real name is TerryBollea, brought a lawsuit for invasion of privacy and other torts.  Under one of the main privacy torts — public disclosure of private facts — one can be liable if one widely and publicly discloses private information about another that would be highly offensive to a reasonable person and not of legitimate concern to the public.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove
Founder of TeachPrivacy

Privacy Awareness TrainingA dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

Without Scalia, Will There Be a 4th Amendment Revolution?

Daniel Solove
Founder of TeachPrivacy

title image

The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases.  One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering.  A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.

Continue Reading

Sunken Safe Harbor: 5 Implications of Schrems and US-EU Data Transfer

Daniel Solove
Founder of TeachPrivacy

sunken safe harbor

By Daniel J. Solove

In a profound ruling with enormous implications,the European Court of Justice (ECJ) has declared the Safe Harbor Arrangement to be invalid.

[Press Release]  [Opinion]

The Safe Harbor Arrangement

The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can be transferred to companies in the US.  Under the EU Data Protection Directive, data can only be transferred to countries with an “adequate level of protection” of personal data.  The EU has not deemed the US to provide an adequate level of protection, so Safe Harbor was created as a work around.

Continue Reading

Boards of Directors Must Grapple with Privacy and Cybersecurity

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Privacy and cybersecurity have become issues that should be addressed at the board level. No longer minor risks, privacy and cybersecurity have become existential issues. The costs and reputational harm of privacy and security incidents can be devastating.

Yet not enough boards are adequately engaged with these issues. According to a survey last year, 58% of members of boards of directors believed that they should be actively involved in cyber security. But only 14% of them stated that they were actively involved.

Continue Reading

Law Firm Cyber Security and Privacy Risks

Daniel Solove
Founder of TeachPrivacy

Title image

By Daniel J. Solove

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

This is not time for firms to keep calm and carry on. The proper response is to freak out.

Continue Reading

Drones, Data Breaches, Cramming, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

drones and data breaches

by Daniel J. Solove

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here.

We became quite busy after the last update, so we’re a bit backlogged. We are catching up on developments late last year and we have a lot of material. We will release the next issue soon, as there is too much material to fit into this issue.

For a PDF version of this post, click here.

Continue Reading

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

Daniel Solove
Founder of TeachPrivacy

hipaa lawsuits 1

by Daniel J. Solove

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies.

Continue Reading

Jennifer Lawrence’s Nude Photos and Civil Rights Law: An Interview with Danielle Citron

Daniel Solove
Founder of TeachPrivacy

Online Harm

“It is a sexual violation. It’s disgusting.
The law needs to be changed, and we need to change.”
Jennifer Lawrence on her nude photos being
non-consensually disclosed online

Fairly recently, Jennifer Lawrence’s iCloud account was hacked and her private nude photos were stolen and posted online. She was mortified.

Her case is just one of many, according to Professor Danielle Citron (University of Maryland School of Law), who very recently published a book about online harassment, Hate Crimes in Cyberspace (Harvard University Press 2014).

Citron - Hate Crimes in Cyberspace

It is a compelling and provocative book. It is a bold book. And as the recent news stories indicate, it is a book that couldn’t be more timely and more needed. One might think that online harassment is rare. Who would write such mean and vile things? What kind of person would harass Zelda Williams, the daughter of Robin Williams, who was viciously attacked online immediately after her father’s death? Even Caligula would show more humanity.

Continue Reading

Why Do Lawsuits for Data Breaches Continue Even Though the Law Is Against Plaintiffs?

Daniel Solove
Founder of TeachPrivacy

chess pic 1

by Daniel J. Solove

If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge.

The law, however, has thus far been far from kind to plaintiffs in data breaches. Most courts dismiss claims for lack of harm. I have written extensively about harm in a series of posts on this blog, and I have chided courts for failing to recognize harm when they should.

Continue Reading

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

Daniel Solove
Founder of TeachPrivacy

 

c suite blog 1

by Daniel J. Solove

As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:

The C-Suite must care

The workforce must be aware

In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.

The C-Suite must care about data security.

But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.

Continue Reading

How Should the Law Handle Privacy and Data Security Harms?

Daniel Solove
Founder of TeachPrivacy

law handle privacy and data security harms 1

by Daniel J. Solove

In three earlier posts, I’ve been exploring the nature of privacy and data security harms.

In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches.

In the second post, Why the Law Often Doesn’t Recognize Privacy and Data Security Harms, I examined why the law has struggled in recognizing harm for privacy violations and data breaches.

Continue Reading

Do Privacy Violations and Data Breaches Cause Harm?

Daniel Solove
Founder of TeachPrivacy

L

by Daniel J. Solove

In two earlier posts, I’ve been exploring the nature of privacy and data security harms.

Post 1: Privacy and Data Security Violations: What’s The Harm?

Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

In this post, I want to explore two issues that frequently emerge in privacy and data security cases: (a) the future risk of harm; and (b) individual vs. social harm.

Continue Reading

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

Daniel Solove
Founder of TeachPrivacy

why the law blog 1

by Daniel J. Solove

In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why.

The Collective Harm Problem

One of the challenges with data harms is that they are often created by the aggregation of many dispersed actors over a long period of time. They are akin to a form of pollution where each particular infraction might, in and of itself, not cause much harm, but collectively, the infractions do create harm.

Continue Reading

The SeaWorld Killer Whale Death Video and the Right to Privacy

Daniel Solove
Founder of TeachPrivacy

Orca Sea World

The Washingtonienne Case and the Still-Very-Much-Alive Public Disclosure Tort

Daniel Solove
Founder of TeachPrivacy

Washingtonienne Case

Earlier this summer, I blogged about the Washingtonienne case. Recently law professor Andrew McClurg wrote a piece for the Washington Post about the case. He writes:

Cutler’s blog, written under the pseudonym Washingtonienne, was a daily diary of her sex life while working as a staffer for Sen. Mike DeWine (R-Ohio). It recounted, entertainingly and in considerable — sometimes embarrassing — detail, her ongoing relationships with six men, including [the] plaintiff. . . .

Although McClurg notes that the plaintiff “suffered a genuine wrong,” he also states that the law “appears to be against him” because he “does not allege that any of the statements about him are untrue.” McClurg notes that the plaintiff is suing under the public disclosure of private facts tort, which “provides a remedy when one publicizes private, embarrassing, non-newsworthy facts about a person in a manner that reasonable people would find highly offensive.” McClurg notes that “while Cutler’s actions may meet this standard, courts have long been hostile to such lawsuits because of a fear of inhibiting free speech.” McClurg continues:

In 1989 the court tossed out a lawsuit against a newspaper for publishing a rape victim’s name in violation of Florida law. While it stopped short of ruling that a state may never punish true speech, the test it adopted for when that can be done without violating the First Amendment is so stringent Justice Byron White lamented in dissent that the court had “obliterate[d]” the public disclosure tort.

Not so. Time after time the Supreme Court has explicitly carved out space for the public disclosure tort to exist. In the series of cases involving the First Amendment and privacy restrictions on true speech, the Court has always confined the First Amendment to speech about matters “of public significance.” The Court did this in Smith v. Daily Mail Pub. Co., 443 U.S. 97, 103 (1979) as well as its most recent case on the issue, Bartnicki v. Vopper, 532 U.S. 514 (2001), where the Court held that “privacy concerns give way when balanced against the interest in publishing matters of public importance.” Id. at 534.

Continue Reading