Individual plaintiffs have not had much success bringing private actions against businesses affected by security breaches.  In particular, a number of courts have held that the abstract risk of identity theft is not a cognizable injury.  And most recently, the Maine Supreme Judicial Court has determined that even those individuals actually victimized by identity theft may have difficulty establishing injury if they are reimbursed in full by their financial institutions. 

The Maine court found that time and effort that victims of identity theft spend identifying and correcting fraudulent credit card activity is not sufficient to show a cognizable injury for purposes of a negligence or breach of an implied contract claim.  The court found these are uncompensable as the “typical annoyances or inconveniences that are a part of everyday life.” 

The court was responding to a question certified by the U.S. District Court for the District of Maine in connection with more than two dozen class complaints filed against Maine-based grocery chain Hannaford Bros. Co.  The claims against Hannaford were filed after its May 2008 announcement that a hacker had compromised its electronic payment processing system and stolen up to 4.2 million customer debit and credit card numbers, expiration dates, security codes, PINs, and other customer information.

Tags: Class Action, Data Breach, Data Security
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less