Abstract

http://ssrn.com/abstract=1710761
 
 

Footnotes (182)



 


 



Warranting Data Security


Juliet M. Moringiello


Widener University - School of Law

November 17, 2010

Brooklyn Journal of Corporate, Financial & Commercial Law, Vol. 5, 2010
Widener Law School Legal Studies Research Paper No. 10-36

Abstract:     
Massive data security breaches have grabbed headlines in the past few years. The data thieves responsible for these breaches have stolen the credit and debit card data of customers of retailers such as TJ Maxx, DSW Shoe Warehouse, BJ’s Wholesale Club, and the Hannaford grocery store chain. A thief in control of this payment card data, which can include debit and credit card numbers, expiration dates, security codes and personal identification numbers, has the ability to open new credit accounts and make charges on existing consumer accounts. These data breaches leave individuals fearful that their personal information will be used in ways that will disrupt their financial transactions and damage their credit.

Consumers affected by data breaches understandably feel exposed to serious financial harm, even in the absence of liability for fraudulent charges. A consumer’s credit score affects her ability to finance important purchases, and the events that occur in aftermath of a data breach can negatively affect that score. Because these losses are not addressed by existing privacy and payment system statutes, consumers have attempted to recover them using various common law theories, but have uniformly failed in recovering anything for these losses. In this paper, prepared for a symposium on Data Security and Data Privacy in the Payment System, I will discuss the cases in which consumers have been denied recovery for losses arising out of data breaches, and then focus on one argument made by the plaintiffs in the Hannaford case, the argument that, under Article 2 of the Uniform Commercial Code (U.C.C.), every time a retailer accepts a payment card from a buyer, it warrants that its payment system is secure.

While a warranty of data security might be a good idea, Article 2, because of its limitation to the sale of goods, is not the best place for it. Instead, courts could impose a common law warranty of data security, under which all sellers would warrant that their chosen payment system is secure. Below, I will make some arguments supporting a non-waivable common-law warranty of data security that is drawn both from the Article 2 warranties and the warranties in Articles 3 and 4 of the U.C.C., which apply to negotiable instruments and the check collection system. I will then compare the problem of ensuring safe data transactions today to the problem of ensuring the habitability of rental housing in the mid-20th century, which judges addressed by imposing an implied warranty of habitability in leases for residential real property. The story of that warranty can add to the debate about how best to ensure the safety of personal data.

Number of Pages in PDF File: 23

Keywords: payment systems, c redit cards, debit cards, data breaches, identity theft, warranties

Accepted Paper Series


Download This Paper

Date posted: November 18, 2010 ; Last revised: February 1, 2014

Suggested Citation

Moringiello, Juliet M., Warranting Data Security (November 17, 2010). Brooklyn Journal of Corporate, Financial & Commercial Law, Vol. 5, 2010; Widener Law School Legal Studies Research Paper No. 10-36. Available at SSRN: http://ssrn.com/abstract=1710761

Contact Information

Juliet M. Moringiello (Contact Author)
Widener University - School of Law ( email )
3800 Vartan Way
P.O. Box 69382
Harrisburg, PA 17106
United States
Feedback to SSRN


Paper statistics
Abstract Views: 776
Downloads: 81
Download Rank: 179,927
Footnotes:  182

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo5 in 0.360 seconds