We’ve discussed before challenges faced by plaintiffs in establishing Article III standing when they sue companies after a data breach, and some of the novel theories they’ve used to clear the Article III hurdle. Today’s post looks at the latest one of these theories. When a business suffers a data […]
Data-privacy legislation is in vogue. Including in North Carolina. But this post looks at the new data-privacy law in a different state, California. The law, called the California Consumer Privacy Act (or “CaCPA” to some), was a hurried response to a proposed citizen-ballot initiative (the history of which is the […]
In a typical data-breach lawsuit, a business acknowledges it has been hacked. Indeed, the precipitating event leading to litigation is often the business’s notification to affected individuals that their personal information has been compromised. What if individuals suspect a business has been hacked, but the business denies it? Can those […]
As we’ve discussed, after a company experiences a data breach, government regulators can be a key source of privacy and data-security litigation. The Federal Trade Commission, for instance, often uses its authority under Section 5 of the FTC Act to sue companies for privacy and data-security failures. One common theory? […]