From: National Law Review
Article By Christian M. Auty, Much Shelist, P.C
In November 2015, the Supreme Court heard oral arguments in Spokeo, Inc. v. Robins. The Court’s opinion in this matter may decide the question of when a victim (or suspected victim) of data breach may sue a company for losing data. Health care companies and service providers — given their unique position at the intersection of health and consumer information technology and regulation — will need to pay especially close attention to this ruling. This is particularly true for owners and operators of skilled nursing facilities, whose residents present a particularly attractive target of data hackers.
Even in the typical retail context, determining whether a victim or suspected victim has the right to sue a company for losing data is not as straightforward as it may seem. To sue in any court, a plaintiff must have “standing” — that is, a plaintiff must have suffered an injury-in-fact, there must be a causal connection between the injury and the defendant’s conduct, and there must be a likelihood that the injury will be redressed by a favorable decision (Lujan v. Defenders of Wildlife, 504 U.S. 555, 560 (1992)).
Leave a Reply