CHAPTER MENU

1. Article III Standing
2. Common Causes of Action Arising from Data Breaches
3. Class Action Certification in Data Breach Litigation
4. Insurance Coverage for Cybersecurity Incidents
5. Protecting Cybersecurity Work Product and Communications from Discovery

For good reason, businesses pay close attention to the FTC's statements about data security. After all, the FTC is, by far, the leading regulator when it comes to data security. However, businesses are just as concerned about the threat of class action litigation arising from data breaches and other cybersecurity incidents. Using centuries-old common law claims such as negligence, misrepresentation, and breach of contract – as well as private actions available under some state consumer protection statutes – plaintiffs' lawyers are increasingly seeking large damages from companies that they argue failed to adequately safeguard customer data. Indeed, after high-profile data breaches, it is common to see plaintiffs' lawyers battle to represent the class of individuals whose data was exposed (entitling the lawyers to a rather hefty fee if they prevail).

To understand the concepts in this chapter, it is helpful to briefly review the key procedural stages of civil lawsuits. Civil litigation in U.S. federal courts begins with the filing of a complaint, in which the plaintiffs provide a short and plain statement of the facts of their lawsuit, and describe why the defendant's actions violated either ...