PRIVACY + SECURITY BLOG

News, Developments, and Insights

In re Zappos: The 9th Circuit Recognizes Data Breach Harm

Data Breach Harm and Standing: Increased Risk of Future Harm

In In re Zappos.com, Inc., Customer Data Security Breach Litigation (9th Cir., Mar. 8, 2018), the U.S. Court of Appeals for the 9th Circuit issued a decision that represents a more expansive way to understand data security harm.  The case arises out of a breach where hackers stole personal data on 24 million+ individuals.  Although […]

Read More…

Risk and Anxiety: A Theory of Data Breach Harms

Risk and Anxiety Theory of Data Breach Harms

My new article was just published: Risk and Anxiety: A Theory of Data Breach Harms,  96 Texas Law Review 737 (2018).  I co-authored the piece with Professor Danielle Keats Citron.  We argue that the issue of harm needs a serious rethinking. Courts are too quick to conclude that data breaches don’t create harm.  There are two […]

Read More…

My Privacy and Security Scholarship in 2017

Scholarship about Privacy and Security

In this post, I provide a brief overview of my scholarship last year. Risk and Anxiety: A Theory of Data Breach Harms  I co-authored  Risk and Anxiety: A Theory of Data Breach Harms with Professor Daniel Keats Citron.  The piece is forthcoming in Texas Law Review this year.  Even though there continues to be a steady […]

Read More…

When Do Data Breaches Cause Harm?

  Harm has become the key issue in data breach cases. During the past 20 years, there have been hundreds of lawsuits over data breaches. In many cases, the plaintiffs have evidence to establish that reasonable care wasn’t used to protect their data. But the cases have often been dismissed because courts conclude that the […]

Read More…

When Is a Person Harmed by a Privacy Violation? Thoughts on Spokeo v. Robins

privacy

When is a person harmed by a privacy violation? The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins.   Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile.  Spokeo’s profiles are used by potential employers […]

Read More…