James Westerlind and Andrew Dykens Interviewed on Data Breach Matters
On April 5, New York attorneys James Westerlind and Andrew Dykens were interviewed by Health Law Daily in response to an existing case law focusing on “whether data breach victims who have not suffered from identity theft or similar injuries have standing to bring lawsuits against the entities that maintained their personally identifiable information.”
Messrs. Westerlind and Dykens noted that most courts will say that in a data breach lawsuit, the threat of future harm is not enough to confer standing. According to Messrs. Westerlind and Dykens, “most courts have held that a named plaintiff needs to allege having been the victim of actual identity theft after the data breach.” Although Messrs. Westerlind and Dykens noted that presently, there is an even split among the federal Circuit Courts of Appeals on the issue. When asked whether or not the Supreme Court might review decisions granting or denying standing to data breach victims based on circuit splits, Messrs. Westerlind and Dykens explained that “it is likely that the Supreme Court will grant certiorari because of a widening split between the circuits regarding the extent to which standing may be based on the threat of future harm”.
Messrs. Westerlind and Dykens also addressed the issues that plaintiffs’ counsel should focus on when arguing to establish the threat of harm, and how defendants’ attorneys should respond to data breach lawsuits. “If plaintiffs’ attorneys cannot find actual plaintiffs who have suffered from actual identity theft that may have been caused by the subject of data breach, then they should determine if there is evidence that there was a sophisticated theft of information . . . . Defendant’s counsel should consider a motion to dismiss backed on a lack of Article III standing whenever plaintiffs’ complaint only alleges that the named plaintiffs have suffered the threat of future harm.”