The Legal Examiner Affiliate Network The Legal Examiner The Legal Examiner The Legal Examiner search feed instagram google-plus avvo phone envelope checkmark mail-reply spinner error close
Skip to main content
| Paulson & Nace

It seems in today’s age of digital information data breaches are becoming an everyday occurrence. Whether the breaches are involved in political scandals or simply identity theft rackets, the consequences can be devastating. Today, news has surfaced that millions of more Americans might have been unsuspecting victims of a massive data breach from hackers who invaded Equifax.

One of the main concerns with data breaches is the uncertainty of what information was taken, who has it, and what are they going to do with it. Victims of such data breaches are not without recourse.  Internet Privacy Policies are generally entered into between consumers of a product and their manufacturers of such products.  Such Policies place an affirmative duty upon the manufacturer to safeguard personal identifiable information through secured means, such as data encryption.  Additionally, specific to the District of Columbia, the DC Data Breach Notification Statute identifies “personal information” as “An individual’s first name or first initial and last name, or phone number, or address, and any one or more of the following data elements: (ii)  Any other number or code or combination of numbers or codes, such as account number, security code, access code, or password, that allows access to or use of an individual’s financial or credit account.”  D.C. Code § 28-3851(3).

Recently, Paulson & Nace prevailed in the United States Court of Appeals for the District of Columbia in the matter of Attias v. CareFirst, Inc. 865 F.3d 620(2017) in arguing that the sheer theft of one’s personal identifiable information, such as social security numbers, gives rise to a claim to be brought against the institution that was obligated to safeguard such information. The Court specifically stated that “Article III standing does not require that the defendant be the most immediate cause, or even a proximate cause, of the plaintiffs’ injuries; it requires only that those injuries b ‘fairly traceable’ to the defendant…we have little difficulty concluding that their injury in fact is fairly traceable to CareFirst.” This opinion has helped keep the door open to consumers who have fallen victim to such data breaches through no fault of their own, and it should hopefully allow for recourse for those injured by this most recent data breach.

Comments are closed.