Poised on the Precipice: A Critical Examination of Privacy Litigation
73 Pages Posted: 11 Feb 2009 Last revised: 1 Feb 2014
Date Written: February 10, 2009
A collection of factors has caused the United States to be poised on the precipice of a new wave of litigation - litigation arising from the improper use or collection of information. Public concern over privacy is ever increasing while, and some would say because, information has become critical to our everyday existence. In what is now a self-reinforcing cycle, increased public concern has caused an exponential increase in regulations, and the new regulations have caused increased attention and public concern because many of the new laws require public disclosure of security breaches, which increases societal concerns over privacy.
Security breach laws, the laws that mandate public disclosure of data incidents, provide the best example of the increase in regulation - Just a few short years ago California passed the first security breach law. Now, 43 other states, the City of New York, Washington, D.C., and Puerto Rico, have adopted laws and many other countries have either adopted, or are likely to adopt, security breach laws as well. Restrictions on the collection and use of Social Security number laws provide another such example as now more than 35 states have adopted these type of laws.
Whether the increasing public concern over privacy is caused by, or reflected in, the new privacy laws, the phenomenal expansion in the number of privacy laws will have a predictable effect - a geometric increase in the number of privacy laws will result in an equally geometric increase in the number of violations of privacy laws. As violations increase there is an equally predictable consequence - increased incentives for individuals to attempt to enforce these new rights.
One of the first challenges in privacy litigation is to define what "privacy" litigation actually is. While consumer-based privacy litigation gains much of the attention, to focus exclusively on consumer-oriented privacy litigation misses half the picture. The increase in value of information has increased the number of businesses that are bringing litigation to protect their intellectual capital and their networks. Though these claims are not thought of as "privacy" litigation in the traditional sense, these claims are no less about the improper use of information than actions brought by individuals. This litigation is frequently brought under the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, CAN-SPAM, the unfair competition law, including portions of the Lanham Act.
In the privacy realm, the Federal Trade Commission ("FTC") serves as the primary federal privacy enforcer. However, the FTC does not have unlimited resources, privacy is not its only responsibility, and the actual number of enforcement actions is not as high as one might guess. As a result, state attorney generals have an important role to play in privacy enforcement. However, with limited exceptions, state attorney generals have not brought a significant number of privacy matters. As a result, enforcement in many cases falls to private plaintiffs, and they play a role in enforcing privacy laws where violations are alleged to have occurred.
However, the road to plaintiffs' recovery in privacy litigation is littered with a number of issues that can derail a case before it truly starts, not the least of which is that plaintiffs in many cases cannot prove actual damage, and may actually lack standing to bring an action. Moreover, even if the case clears this hurdle, many class actions fail the certification requirements because of issues unique to privacy litigation.
This article examines the common theories of privacy litigation, the issues faced by plaintiffs, and examines class action issues generally, as well as some class issues that are unique to privacy litigation. While privacy cases have had mixed success, the increased importance of information, coupled with increased public attention, and the ever-increasing number of privacy laws guarantees that we will be stepping off of the precipice and into privacy litigation.
Keywords: privacy, litigation, torts, computer law, intellectual property law
JEL Classification: K1, K2, K41, M3, O34
Suggested Citation: Suggested Citation