Data loss has been a hot topic lately. When Epsilon lost the email addresses of millions to hackers, everyone was up in arms and awaiting an onslaught of lawsuits. But Epsilon did not provide services to the consumers victimized by this loss and the only basis for a lawsuit may be a claim asserted by consumers against those very prominent companies who entrusted their data to Epsilon.
At Traverse Internet Law we noted a decision handed down last week in Federal Court in California. The case is linked here: Claridge v. Rockyou, Inc. Note the real problem with proving actual damages in these types of cases. How did losing your data really cost you money? Mere allegations of speculative harm that might arise in the future is likely inadequate to sufficiently allege an injury in fact. Here the Court states its reservations about the injury being adequate but defers his judgment on the issue because of the evolving and unsettled nature of the law on this point.
Traverse Internet Law suggests that in any data loss case the best allegation of damages might be elements laying out an actual or imminently anticipated need to purchase fraud and id theft prevention or detection services from a credit bureau. Given the speculation surrounding what damages are really incurred in data loss cases, such a quantifiable cost with a seemingly reasonable motivation (to curtail phishing expeditions) seems to make the most sense for meeting the damages element threshold.
Tell us what you think. And is there any hope of Epsilon being held accountable for the data loss from consumers? Surely retailers of all sorts are going to look to Epsilon for compensation. Can consumers victimized do likewise?