Welcome to the blog for the Data Privacy and Breach practice group of Copeland, Stair, Kingma & Lovell! Our experienced attorneys handle data breach responses, coverage issues, and risk management consulting for companies of all sizes.
In our first installment of the blog, we are reporting on legal developments arising out of a massive data breach involving health insurer Anthem. Multiple lawsuits were filed alleging putative class action claims against Anthem. The multi-district litigation was consolidated and transferred to the Northern District of California. On Sunday evening, Judge Lucy Koh entered an order dismissing several claims brought under various state and federal laws, including common-law negligence claims. Notably, Judge Koh ruled that Indiana does not recognize a private right of action for negligence arising in a data breach situation. In addition, Judge Koh conditionally dismissed a claim based on Georgia’s Insurance Information and Privacy Protection Act (O.C.G.A. §33-39-14) with leave to replead the claim.
The order is significant because it continues the trend of rejecting attempts to turn data breaches into damages claims. While data privacy and protection is a heavily regulated part of doing business, most claimants have not been able to develop theories of liability that enable them to collect tort damages in breach cases.