Feeds

Appeals court absolves firm that exposed man's SSN

No harm, no foul

The essential guide to IT transformation

A man whose social security number and other personal data were exposed by a company that processed his job application has no legal claims because no actual damage resulted from the privacy breach, a federal appeals court has ruled.

The decision, issued late last week by the Ninth US Circuit Court of Appeals, is likely to make life more difficult for people suing Facebook and other companies in California for not adequately protecting user information. It upheld a lower court ruling that said the mere possibility of damage and the cost of monitoring credit reports didn't count as the harm needed to bring a lawsuit under laws in the state.

The case arose from the theft of one or more laptops from Vangent, a company that processed job applications for clothing retailer The Gap. We're guessing it's the same mega breach The Gap reported in late 2007 warning that sensitive information for more than 800,000 individuals was exposed when laptops with unencrypted contents were stolen.

Applicant Joel Ruiz sued the two companies for a raft of violations, including negligence, breach of contract, unfair competition and invasion of privacy. But the federal judge hearing the case rejected each cause of action on the grounds the plaintiff failed to state actual damages that resulted from the breach.

“No one can doubt that those individuals whose private information was potentially exposed by the theft of the laptop have reason to be aggrieved and concerned,” the three-judge panel for the appeals court wrote in its decision. “However, the sole question for us is whether the district court properly analyzed the legal claims raised by Ruiz. We conclude that it did.”

The ruling largely echoes decisions by other courts, including a case against online prescription drug processor Express Scripts, which leaked highly sensitive subscriber information. Under the statutes invoked in the cases, plaintiffs were required to show actual damage arising from the breaches, rather than the speculation, however well founded, that they are more susceptible to harm, the courts have in essence ruled.

Last week's decision is evidence that appeals courts are inclined to agree with that reasoning. And according to The Technology & Marketing Law Blog that isn't likely to fare well for two separate lawsuits pending against Facebook for sharing users' personal information with advertisers despite assurances such information would never be shared without explicit permission.

“Both of these lawsuits allege that Facebook improperly disclosed the user name and other information of Facebook users who accessed content on the web,” blogger Venkat Balasubramani wrote. “Claims in both lawsuits are premised around Facebook's violation of its privacy policy. As this case makes clear, the plaintiffs in these cases are unlikely to be able to show actual damages, and their breach of contract, negligence, and unfair competition claims are likely dead on arrival.”

The virtual immunity companies have when they lose your data is worth remembering the next time one of them makes solemn promises that your data is safe with them. They may sound assuring, but when push comes to shove, they don't mean very much. Just ask Joel Ruiz. ®

5 things you didn’t know about cloud backup

More from The Register

next story
True fact: 1 in 4 Brits are now TERRORISTS
YouGov poll reveals terrible truth about the enemy within
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?