Plaintiffs seeking to pursue negligence claims for the disclosure of their personal information in a data breach often face hurdles in pleading a sufficient injury. The claimants’ failure to plead a sufficient injury frequently is the basis for dismissal. However, in a very interesting recent decision, the Georgia Supreme Court reversed the intermediate appellate court’s affirmance of the dismissal of the plaintiffs’ data breach claims, finding that the claimants had sufficient standing to assert their claims where they alleged that the disclosure of their personal information left them at an “imminent and substantial risk of identity theft.” As discussed below, the Court’s holding arguably makes data breach claims under Georgia law less susceptible to dismissal. However, as also discussed below, there are important limitations to the Court’s holding.
Continue Reading Georgia Supreme Court: Risk of Future Identity Theft Sufficient to Support Data Breach Negligence Claim

John Reed Stark

The Capital One data hack has attracted a great deal of attention, not least because of the size and extent of the breach, but also because the hacker apparently managed to steal data from The Cloud. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a closer look at this aspect of the Capital One data breach and asked whether Amazon, the cloud service provider, can be held liable for the hack? Stark takes a close look at the technology involved and analyzes the potential liability issues between Capital One, on the one hand, and Amazon, on the other. A version of this article originally appeared on Securities Docket. My thanks to John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Is Amazon Liable for the Capital One Hack?