2 Cybersecurity Litigation
For good reason, businesses pay close attention to the FTC's statements about data security. After all, the FTC is, by far, the leading regulator when it comes to data security. However, businesses are just as concerned about the threat of class action litigation arising from data breaches and other cybersecurity incidents. Using centuries‐old common‐law claims such as negligence, misrepresentation, and breach of contract—as well as private actions available under some state consumer protection statutes—plaintiffs' lawyers are increasingly seeking large damages from companies that they argue failed to adequately safeguard customer data. Indeed, after high‐profile data breaches, it is common to see plaintiffs' lawyers battle to represent the class of individuals whose data was exposed (entitling the lawyers to a rather hefty fee if they prevail).
To understand the concepts in this chapter, it is helpful to briefly review the key procedural stages of civil lawsuits. Civil litigation in U.S. federal courts begins with the filing of a complaint, in which the plaintiffs provide a short and plain statement of the facts of their lawsuit1 and describe why the defendant's actions raised concerns under either a common‐law cause of action (e.g., negligence or breach of contract) or a statute (e.g., a state consumer protection law). The defendant then has a chance to file a motion to dismiss, in which the defendant argues that even if all of the facts ...
Get Cybersecurity Law, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.