We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

New Class of Data Security Breach Plaintiffs Possible If Maine Supreme Court Rules That Economic Harm Not Required

19 October 2009

“Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?”

That is the question a federal district judge in Maine has put to the Maine Supreme Court in the data security breach litigation involiving Hannaford Brothers.  In a ruling  dated October 5, 2009, Judge D. Brock Hornby, who earlier this year had dismissed almost all of the claims in the consolidated class action for lack of "economic loss", reversed himself and sent to the Maine Supreme Court an issue that has the potential for opening the floodgates of litigation.   Plaintiffs  so far have been unsuccessful in pursing civil actions following data security breaches where they have not suffered real economic damages.

As Judge Hornby himself observed in his decision,

 “if the Maine Law Court’s answer to the certified question on the cognizable harm issue favors the plaintiffs, the plaintiffs will have both a negligence claim and an implied contract claim.”  

Such a development could have a profound impact on the vulnerability of companies experiencing data security breaches to civil claims, something they so far largely have avoided.  Thus, added to the existing costs of a data security breach (notification costs, credit monitoring costs, regulatory investigation costs, damage to reputation costs, etc.), there may soon be "time and effort" compensation costs.  As menioned in an earlier post concerning Maine's law tp protect kids from predatory marketing, which effectively is on hold, when the State of Maine enjoyed a reputation as a bellwether for presidential elections, this expression was in common parlance:

As Maine goes, so goes the nation?

It appears that while the State of Maine no longer has much impact on presidential elections, it could well have an impact on data security breach law.

Cybersecurity in the Health Sector

The health sector is under siege with cybersecurity threats. Some of the largest announced cyber attacks in U.S. history have targeted organizations in the health industry. Regulators have...

02 May 2016
Loading data