"A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused "tangible harm," a high bar that is getting more cases tossed out of court. Judges are also requiring plaintiffs to trace any damages back to a particular breach-a tougher condition to meet as more hackers trade stolen data on the dark web."
""The message is clear," said John Carlin, chair of the cyber group at law firm Paul, Weiss, Rifkind, Wharton & Garrison: "Having personal information exposed in a data breach-which has happened to everyone-is not enough to sue." Instead, judges want to see out-of-pocket expenses or actual losses from identity theft or fraud, said James Lee, data privacy and cybersecurity partner at Boies Schiller Flexner. "They are less inclined to find an injury-in-fact for emotional distress or a potential future harm," he said."
U.S. courts are raising the bar for data-breach plaintiffs by requiring concrete, tangible harm and a direct link between damages and a specific breach. Many lawsuits are being dismissed because exposed personal information alone does not satisfy injury requirements. Courts demand out-of-pocket costs or demonstrable losses from identity theft or fraud as proof of injury. Emotional distress and speculative future harms are increasingly insufficient to establish standing. The proliferation of stolen-data trading on the dark web complicates efforts to trace damages to a single breach, making it harder for victims to meet evidentiary thresholds and sustain litigation.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]