PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Standing in Data Breach Cases: Why Harm Is Not “Manufactured”

Data Breach Standing - 11th Circuit

In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud?  I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]

Read More…

Privacy Harms

Privacy Harms

Professor Danielle Keats Citron (University of Virginia School of Law) and I have just posted a draft of our new article, Privacy Harms, on SSRN (free download). Here’s the abstract: Privacy harms have become one of the largest impediments in privacy law enforcement. In most tort and contract cases, plaintiffs must establish that they have […]

Read More…

Top 10 Privacy Law Developments of the Decade 2010-2019

Top 10 Privacy Law Developments of the Decade 2010-2019 02

It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective.  What is notable privacy law depends upon where one […]

Read More…

The Trouble with Spokeo: Standing, Privacy Harms, and Biometric Information

Rivera v Google BIPA - Illinois Biometric Information Privacy Act - Facial Recognition - Spokeo

A recent case involving the Illinois Biometric Information Privacy Act (BIPA), Rivera v Google (N.D. Ill. No. 16 C 02714, Dec. 28, 2018), puts the ills of Spokeo Inc. v. Robins on full display.  In Rivera, plaintiffs sued Google under BIPA, which prohibits companies from collecting and storing specific types of biometric data without people’s consent.  The plaintiffs alleged that Google […]

Read More…

The Robocall Wars: The Rise of Robocalls and the TCPA Robocall Cops

Robocalls and the TCPA Robocall Cops 02

Move over robocop, there’s a new constable in town — the robocall cop. In the past decade, robocalls have surged.  There has also been a dramatic rise in litigation about these calls under the Telephone Consumer Protection Act (TCPA). The TCPA litigation is led by a small group of serial litigators, people who have assumed the […]

Read More…

The Future of Cybersecurity Insurance and Litigation: An Interview with Kimberly Horn

Cybersecurity litigation is currently at a crossroads. Courts have struggled in these cases, coming out in wildly inconsistent ways about whether a data breach causes harm. Although the litigation landscape is uncertain, there are some near certainties about cybersecurity generally: There will be many data breaches, and they will be terrible and costly. We thus […]

Read More…

Why I Love the GDPR: 10 Reasons

GDPR Love 01

I have a confession to make, one that is difficult to fess up to on the US side of the pond: I love the GDPR. There, I said it. . . In the United States, a common refrain about GDPR is that it is unreasonable, unworkable, an insane piece of legislation that doesn’t understand how […]

Read More…

In re Zappos: The 9th Circuit Recognizes Data Breach Harm

Data Breach Harm and Standing: Increased Risk of Future Harm

In In re Zappos.com, Inc., Customer Data Security Breach Litigation (9th Cir., Mar. 8, 2018), the U.S. Court of Appeals for the 9th Circuit issued a decision that represents a more expansive way to understand data security harm.  The case arises out of a breach where hackers stole personal data on 24 million+ individuals.  Although […]

Read More…

Risk and Anxiety: A Theory of Data Breach Harms

Risk and Anxiety Theory of Data Breach Harms

My new article was just published: Risk and Anxiety: A Theory of Data Breach Harms,  96 Texas Law Review 737 (2018).  I co-authored the piece with Professor Danielle Keats Citron.  We argue that the issue of harm needs a serious rethinking. Courts are too quick to conclude that data breaches don’t create harm.  There are two […]

Read More…