Feeds

Appeals court absolves firm that exposed man's SSN

No harm, no foul

Internet Security Threat Report 2014

A man whose social security number and other personal data were exposed by a company that processed his job application has no legal claims because no actual damage resulted from the privacy breach, a federal appeals court has ruled.

The decision, issued late last week by the Ninth US Circuit Court of Appeals, is likely to make life more difficult for people suing Facebook and other companies in California for not adequately protecting user information. It upheld a lower court ruling that said the mere possibility of damage and the cost of monitoring credit reports didn't count as the harm needed to bring a lawsuit under laws in the state.

The case arose from the theft of one or more laptops from Vangent, a company that processed job applications for clothing retailer The Gap. We're guessing it's the same mega breach The Gap reported in late 2007 warning that sensitive information for more than 800,000 individuals was exposed when laptops with unencrypted contents were stolen.

Applicant Joel Ruiz sued the two companies for a raft of violations, including negligence, breach of contract, unfair competition and invasion of privacy. But the federal judge hearing the case rejected each cause of action on the grounds the plaintiff failed to state actual damages that resulted from the breach.

“No one can doubt that those individuals whose private information was potentially exposed by the theft of the laptop have reason to be aggrieved and concerned,” the three-judge panel for the appeals court wrote in its decision. “However, the sole question for us is whether the district court properly analyzed the legal claims raised by Ruiz. We conclude that it did.”

The ruling largely echoes decisions by other courts, including a case against online prescription drug processor Express Scripts, which leaked highly sensitive subscriber information. Under the statutes invoked in the cases, plaintiffs were required to show actual damage arising from the breaches, rather than the speculation, however well founded, that they are more susceptible to harm, the courts have in essence ruled.

Last week's decision is evidence that appeals courts are inclined to agree with that reasoning. And according to The Technology & Marketing Law Blog that isn't likely to fare well for two separate lawsuits pending against Facebook for sharing users' personal information with advertisers despite assurances such information would never be shared without explicit permission.

“Both of these lawsuits allege that Facebook improperly disclosed the user name and other information of Facebook users who accessed content on the web,” blogger Venkat Balasubramani wrote. “Claims in both lawsuits are premised around Facebook's violation of its privacy policy. As this case makes clear, the plaintiffs in these cases are unlikely to be able to show actual damages, and their breach of contract, negligence, and unfair competition claims are likely dead on arrival.”

The virtual immunity companies have when they lose your data is worth remembering the next time one of them makes solemn promises that your data is safe with them. They may sound assuring, but when push comes to shove, they don't mean very much. Just ask Joel Ruiz. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
Inside the EYE of the TORnado: From Navy spooks to Silk Road
It's hard enough to peel the onion, are you hard enough to eat the core?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.