What constitutes a privacy harm? For those of us covering data breaches and privacy breaches, there’s been a somewhat disturbing trend by courts to restrict the notion of “harm” to unreimbursed financial harm due to a breach. Worry, embarrassment, time lost, and increased risk of future harm are recognized as being consequences, but generally, plaintiffs haven’t prevailed unless they can prove actual financial damages. Here’s another opinion out of the Ninth Circuit in that trend.
Dan Goodin reports:
A man whose social security number and other personal data were exposed by a company that processed his job application has no legal claims because no actual damage resulted from the privacy breach, a federal appeals court has ruled.
The decision, issued late last week by the Ninth US Circuit Court of Appeals, is likely to make life more difficult for people suing Facebook and other companies in California for not adequately protecting user information. It upheld a lower court ruling that said the mere possibility of damage and the cost of monitoring credit reports didn’t count as the harm needed to bring a lawsuit under laws in the state.
The case arose from the theft of one or more laptops from Vangent, a company that processed job applications for clothing retailer The Gap.
Read more in The Register.
Previous coverage of this breach can be found in PogoWasRight.org’s archives, here.
The court’s opinion: Ruiz v. Gap, Inc. (9th Cir. May 28, 2010)