Can Data Breach Claims Survive the Economic Loss Rule?

46 Pages Posted: 7 Aug 2017  

Catherine M. Sharkey

New York University School of Law

Date Written: July 1, 2017

Abstract

Data security breach cases are fertile ground to explore the impact of the economic loss rule and to challenge the conceptual underpinnings of this judge-made doctrine. The extent to which the economic loss rule serves as a formidable barrier to credit card data security breach cases depends upon the underlying state law; in particular, whether a state adopts the majority or minority position on the rule, as well as how it defines various exceptions thereto. Upon closer examination, it becomes clear that the rule operates in a fundamentally distinct manner in the “stranger paradigm” as compared to the “contracting parties paradigm.” What makes the credit card data security breach cases so vexing is that they often straddle the stranger/contracting parties paradigms. The credit card data breach cases can be reframed in a coherent way that defers to contractual allocation of risk and responsibility but nonetheless allows tort liability to be deployed when needed to ensure the internalization of third-party costs. Seen from a broader regulatory perspective — especially taking into account state statutory provisions relating to enforcement of private industry standards in the credit card arena — the economic loss rule functions as a boundary-policing doctrine between tort and regulation as alternative mechanisms to regulate private parties. Moreover, as a more robust third-party liability insurance market emerges in response to a greater threat of tort liability, insurers will engage in further risk management, exerting more potent regulatory control.

Keywords: Data security, data breach, economic loss rule

JEL Classification: K13, K23

Suggested Citation

Sharkey, Catherine M., Can Data Breach Claims Survive the Economic Loss Rule? (July 1, 2017). DePaul Law Review, Vol. 66, No. 2, 2017. Available at SSRN: https://ssrn.com/abstract=3013642

Catherine M. Sharkey (Contact Author)

New York University School of Law ( email )

40 Washington Square South
New York, NY 10012-1099
United States
212-998-6729 (Phone)

Paper statistics

Downloads
35
Abstract Views
93