In our never ending effort to keep you informed about the latest developments in the world of privacy data breaches and identity theft, comes the very recent news that the U.S. Court of Appeals for the 11th Circuit just ruled on a case that could impact many of us with a need to protect personal information. In the attached article written for “The Privacy Advisor,” Henry Chalmers, attorney with Arnall, Golden, Gregory, LLP in Atlanta, writes:

“A recent U. S. Court of Appeals ruling may make it easier for class-action plaintiffs to survive early motions to dismiss their data breach claims, thereby substantially expanding the costs of litigation and the risk of sizeable judgments against businesses.”

To summarize, up until now U.S. courts have generally ruled that unless the victims of a data breach can definitively show damages from identity theft or other unlawful use of the breached personal data, and that the damages resulted from the direct use of the breached data, there is no basis for a class action lawsuit to proceed. However the 11th Circuit in the Resnick v. Avmed case was much more circumspect, ruling that the plaintiffs argument that they had never experienced identity theft prior to the breach and they had to take “substantial precautions” to protect their personal information, and in fact had some instance of ID theft after the breach gave “sufficient nexus to state a viable claim.” Big difference!

The point here is, if this 11th Circuit Court ruling catches on, the likelihood of class action litigation and the cost to fight that litigation in a data breach circumstance just went up dramatically. So as if you didn’t have enough reason to do everything possible to prevent a breach of Personally Identifiable Information (PII) or Protected Health Information (PHI), you have all the more reason now.

The full article can be read here: Recent Ruling Could Prove Costly for Hacked Businesses