Last week, the Ninth Circuit issued two opinions in connection with the theft of an unencrypted laptop that contained personal information about Starbucks employees.  First, the court held in a published opinion that Starbucks employees whose names, addresses and Social Security numbers were on the stolen computer could show that they had suffered enough injury to sustain their claim for purposes of getting into federal court.  Specifically, the court found that the increased risk of identity theft satisfies the requirement that plaintiffs show an injury so long as there is a “credible threat of harm” that is “both real and immediate, not conjectural or hypothetical.”  The court also found that “generalized anxiety and stress” are other kinds of harm that could satisfy the requirement.

Although the Starbucks employees satisfied the injury requirement, a second, unpublished Ninth Circuit opinion issued the same day indicated that they had not shown damages — a key issue in privacy litigation.  “The mere danger of future harm, unaccompanied by present damage, will not support a negligence action,” held the court. (We have elsewhere reported on the challenges that individuals affected by security breaches face in establishing damages.)  The Ninth Circuit also found that the Starbucks employees failed to show the existence of an implied contract under Washington law.

Tags: Article III, Damages, Data Breach, Injury, Starbucks
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Read more about Libbie CanterEmail
Show more Show less