Cybersecurity, Identify Theft, and Standing Law: A Framework for Data Breaches Using Substantial Risk in a Post-Clapper World

62 Pages Posted: 26 Mar 2017  

James C. Chou

American University, Washington College of Law, Students

Date Written: December 15, 2016

Abstract

Since Clapper v. Amnesty International USA,9 many courts have shut the door on victims alleging a heightened risk of injury, particularly when the injury is identity theft, because Clapper does not permit standing based on a heightened risk of injury alone.10 But recently, the Seventh Circuit disagreed with that view when deciding Remijas v. Neiman Marcus Group,11 a case involving a breach of Neiman Marcus’ systems, holding that Clapper neither altered standing law nor did it foreclose all heightened risk injuries.12 This Article agrees and argues that Clapper did not alter the Article III standing requirements; it merely reemphasized the Court’s demand for a heightened scrutiny for constitutional challenges to government activity. Consequently, the Seventh Circuit correctly applied standing law in Remijas under a “substantial” risk theory. Part I will discuss large scale data breaches and its relationship with identity theft, Clapper, and Article III standing on imminent injuries. Part II argues that the minimum constitutional threshold should allow standing under a heightened-risk-of-identity-theft (HRIT) using a “substantial” or “reasonable” risk threshold. Part III applies Part II to data-breach cases, specifically, and suggests several factors the courts could consider when determining whether a victim faces a sufficiently imminent injury for Article III standing. Part III also demonstrates that the Seventh Circuit used similar factors in Remijas. I then conclude.

Keywords: clapper, cybersecurity, national security, identity theft, data breaches, substantial risk analysis

JEL Classification: K1, K19

Suggested Citation

Chou, James C., Cybersecurity, Identify Theft, and Standing Law: A Framework for Data Breaches Using Substantial Risk in a Post-Clapper World (December 15, 2016). National Security Law Brief, Vol. 7, No. 1, 2016. Available at SSRN: https://ssrn.com/abstract=2938692

James C. Chou (Contact Author)

American University, Washington College of Law, Students

Washington, DC
United States

Paper statistics

Downloads
59
Rank
303,713
Abstract Views
216