U.S. appeals court split over whether victims can claim for ‘fear of damage’ from data breaches
court action

U.S. appeals court split over whether victims can claim for ‘fear of damage’ from data breaches

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Although this story is from the U.S., we keep a close eye on American data protection affairs as our laws can be similar, and cases and challenges can reflect on how we may see the law here.

In this big news story from the States, a recent federal appeals court in the U.S. have said that claimants can sue defendants who breach their data protection obligations for ‘fear of damage’, even if no actual damage has occurred. This can make sense, as the damage could be done at any point in the future; but this decision moves away from one Supreme Court case that said claimants needed to prove a risk of “imminent” and “concrete” injury to bring a claim.

The course of the case

The appeals court in this case heard how an intruder managed to access CareFirst Inc.’s computers and databases that contained customers’ personal information. The District Court – as the court of first instance – dismissed the case with the view that claimants couldn’t prove real injury “nor a high enough likelihood of future injury.”

However, the appeals court reinstated the case, noting that the district court failed to consider the risk of harm through fear.

The panel of three judges also noted the impact breaches involving medical data theft can have on the victim’s health and life through inaccurate data belonging to one being merged with another on the same file. Without accurate records, patients may “receive improper medical care, have their insurance depleted, become ineligible for health or life insurance or become disqualified for some jobs.”

Recognising substantial risks of identity theft

In passing this judgment, the appeals court also recognised that it’s not just stolen social security numbers that can put individuals at risk. Whilst the social security number is often deemed the most important identifying data for an individual, medical and other personal records can prove a “substantial risk of identity fraud”.

Other personal data can be misused and lead to psychological harm, loss of earnings and even direct financial loss.

Verdict is out there…

However, not all courts are unanimous in this viewpoint.

A second U.S. Circuit Court of Appeal in New York dismissed one claim because she could not prove a “cognizable injury” after her credit card information was exposed during a data breach. Similar courts are reportedly of the view that data protection claims must prove that some “real” injury occurred.

Initially, a lower judge followed the first position of dismissing claims for ‘fear of future fraud and identity theft’. The case was later reinstated on the basis that ‘fear of what hackers may do with exposed personal data’ is a legitimate cause for a claim.

Right to be concerned for future harm

Chief Judge Diane Wood believes data victims have a right to be scared of potential harm:

“…why else would hacker[s] break into a store’s database and steal consumer’ private information?”

In the U.K., Data Protection laws are still developing. Individuals whose data protection rights are breached can be eligible to recover compensation from a breaching party, but the position on whether concrete evidence in terms of harm is always required remains uncertain. U.K. laws recognise that individuals can suffer great harm – usually psychologically – when a serious data breach has occurred, but claimants being able to sue for simply having their personal data exposed could mean thousands of claims against companies and organisations whose databases are hacked.

In English law, you normally have to have suffered a loss in order to be able to quantify a claim, but the cases for compensation are yet to yield any solid guidance for more widespread use.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon