拒绝访问:数据泄露诉讼,第三条立场,以及拟议的法定解决方案

IF 0.2 4区 社会学 Q4 LAW Columbia Journal of Law and Social Problems Pub Date : 2017-07-03 DOI:10.2139/SSRN.2996533
Patrick J. Lorio
{"title":"拒绝访问:数据泄露诉讼,第三条立场,以及拟议的法定解决方案","authors":"Patrick J. Lorio","doi":"10.2139/SSRN.2996533","DOIUrl":null,"url":null,"abstract":"I. DATA BREACHES: AN OVERVIEWOn September 22, 2016, technology company Yahoo! announced that a third party had wrongfully gained access to at least 500 million Yahoo! user accounts, the largest data breach1 in history.2 Hackers stole individuals' names, telephone numbers, email addresses, dates of birth, passwords, and security questions and answers.3 Because individuals often use the same email address, password, and security questions for multiple Internet accounts, the third party hacker could potentially gain access to additional private accounts, including financial accounts, of 500 million individuals.4More recently, Equifax - a major credit-reporting firm - announced that hackers accessed the personal information of more than 140 million U.S. customers.5 The obtained information includes individuals' names, addresses, Social Security numbers, and driver's license numbers.6 The hackers could use this extensive information to open new financial accounts in individuals' names, make fraudulent charges on their credit cards, and commit tax fraud.7 Due to the scope of the breach, the affected individuals will have to monitor their credit and personal accounts for the rest of their lives because hackers can use the stolen in formation for many years going forward to commit fraud, including \"creating a new you.\"8The data breaches of Yahoo! and Equifax are two of the largest known data breaches and are part of a trend in recent years in which the size and scope of data breaches of major corporations have steadily increased.9 This trend is expected to continue as hackers become increasingly sophisticated and more personal information is stored digitally.10 Federal courts' interpretations of Article III standing requirements, however, frequently result in unjust outcomes for data breach victims.11 In everyday life, individuals provide businesses and other entities with their personal information. Indeed, it is inconceivable that individuals could successfully function in the modern world without sharing such information. Yet when the information falls into the hands of hackers, individuals may suffer identity theft, fraudulent credit card charges, and other consequences. Individuals whose private information is accessed therefore reasonably expend considerable time, energy, and money protecting their identity and financial accounts by purchasing credit-monitoring services, monitoring their accounts for fraudulent charges, disputing any fraud that occurs, and paying fees associated with credit freezes.In order to recover the costs incurred following a data breach, data breach victims frequently attempt to sue the companies that failed to adequately protect their information from hackers.12 Some federal courts, however, have found that data breach victims cannot satisfy Article III standing requirements. As a result, courts dismiss lawsuits against the organizations that allowed victims' information to be accessed due to insufficient data security safeguards. While this outcome may be justified legally under current Article III jurisprudence, many victims of data breaches cannot recover the costs they incur in response to a data breach.This Note attempts to propose a solution to the immediate dilemma faced by many victims of data breaches - that they cannot even get their day in court. First, I briefly review the constitutional law doctrine of Article III standing, focusing primarily on the injury-in-fact requirement.13 I then turn to a survey of the different approaches to Article III standing in data breach cases as applied in various federal jurisdictions and look at the impact of the recent U.S. Supreme Court decision in Spokeo v. Robbins on data breach litigation going forward.14 I conclude with a proposed solution to the Article III hurdles faced by data breach plaintiffs by arguing that Congress should pass a comprehensive law regulating data breaches that would afford victims statutory standing to pursue their claims against companies that fail to adequately protect their information. …","PeriodicalId":43291,"journal":{"name":"Columbia Journal of Law and Social Problems","volume":"51 1","pages":"79"},"PeriodicalIF":0.2000,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Access Denied: Data Breach Litigation, Article III Standing, and a Proposed Statutory Solution\",\"authors\":\"Patrick J. Lorio\",\"doi\":\"10.2139/SSRN.2996533\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"I. DATA BREACHES: AN OVERVIEWOn September 22, 2016, technology company Yahoo! announced that a third party had wrongfully gained access to at least 500 million Yahoo! user accounts, the largest data breach1 in history.2 Hackers stole individuals' names, telephone numbers, email addresses, dates of birth, passwords, and security questions and answers.3 Because individuals often use the same email address, password, and security questions for multiple Internet accounts, the third party hacker could potentially gain access to additional private accounts, including financial accounts, of 500 million individuals.4More recently, Equifax - a major credit-reporting firm - announced that hackers accessed the personal information of more than 140 million U.S. customers.5 The obtained information includes individuals' names, addresses, Social Security numbers, and driver's license numbers.6 The hackers could use this extensive information to open new financial accounts in individuals' names, make fraudulent charges on their credit cards, and commit tax fraud.7 Due to the scope of the breach, the affected individuals will have to monitor their credit and personal accounts for the rest of their lives because hackers can use the stolen in formation for many years going forward to commit fraud, including \\\"creating a new you.\\\"8The data breaches of Yahoo! and Equifax are two of the largest known data breaches and are part of a trend in recent years in which the size and scope of data breaches of major corporations have steadily increased.9 This trend is expected to continue as hackers become increasingly sophisticated and more personal information is stored digitally.10 Federal courts' interpretations of Article III standing requirements, however, frequently result in unjust outcomes for data breach victims.11 In everyday life, individuals provide businesses and other entities with their personal information. Indeed, it is inconceivable that individuals could successfully function in the modern world without sharing such information. Yet when the information falls into the hands of hackers, individuals may suffer identity theft, fraudulent credit card charges, and other consequences. Individuals whose private information is accessed therefore reasonably expend considerable time, energy, and money protecting their identity and financial accounts by purchasing credit-monitoring services, monitoring their accounts for fraudulent charges, disputing any fraud that occurs, and paying fees associated with credit freezes.In order to recover the costs incurred following a data breach, data breach victims frequently attempt to sue the companies that failed to adequately protect their information from hackers.12 Some federal courts, however, have found that data breach victims cannot satisfy Article III standing requirements. As a result, courts dismiss lawsuits against the organizations that allowed victims' information to be accessed due to insufficient data security safeguards. While this outcome may be justified legally under current Article III jurisprudence, many victims of data breaches cannot recover the costs they incur in response to a data breach.This Note attempts to propose a solution to the immediate dilemma faced by many victims of data breaches - that they cannot even get their day in court. First, I briefly review the constitutional law doctrine of Article III standing, focusing primarily on the injury-in-fact requirement.13 I then turn to a survey of the different approaches to Article III standing in data breach cases as applied in various federal jurisdictions and look at the impact of the recent U.S. Supreme Court decision in Spokeo v. Robbins on data breach litigation going forward.14 I conclude with a proposed solution to the Article III hurdles faced by data breach plaintiffs by arguing that Congress should pass a comprehensive law regulating data breaches that would afford victims statutory standing to pursue their claims against companies that fail to adequately protect their information. …\",\"PeriodicalId\":43291,\"journal\":{\"name\":\"Columbia Journal of Law and Social Problems\",\"volume\":\"51 1\",\"pages\":\"79\"},\"PeriodicalIF\":0.2000,\"publicationDate\":\"2017-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Columbia Journal of Law and Social Problems\",\"FirstCategoryId\":\"90\",\"ListUrlMain\":\"https://doi.org/10.2139/SSRN.2996533\",\"RegionNum\":4,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Columbia Journal of Law and Social Problems","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.2139/SSRN.2996533","RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"LAW","Score":null,"Total":0}
引用次数: 4

摘要

一、数据泄露:综述2016年9月22日,科技公司雅虎!宣布第三方错误地获得了至少5亿雅虎的访问权限!用户帐户,这是历史上最大的数据泄露1。2黑客窃取了个人的姓名、电话号码、电子邮件地址、出生日期、密码以及安全问题和答案。3由于个人经常对多个互联网帐户使用相同的电子邮件地址、密码和安全问题,第三方黑客可能会访问更多的私人帐户,4最近,主要的信用报告公司Equifax宣布,黑客访问了超过1.4亿美国客户的个人信息。5获得的信息包括个人的姓名、地址、社会安全号码,和驾驶执照号码。6黑客可以利用这些广泛的信息以个人名义开立新的金融账户,在他们的信用卡上进行欺诈性收费,并实施税务欺诈。7由于漏洞的范围,受影响的个人将不得不在余生中监控他们的信用和个人账户,因为黑客可以在未来多年内使用窃取的信息进行欺诈,包括“创造一个新的你”。8雅虎的数据泄露!和Equifax是已知最大的两个数据泄露事件,也是近年来大公司数据泄露规模和范围稳步增加的趋势的一部分。9随着黑客变得越来越复杂,越来越多的个人信息被数字化存储,这一趋势预计将持续下去。10然而,联邦法院对第三条常务要求的解释,经常给数据泄露受害者带来不公正的结果。11在日常生活中,个人向企业和其他实体提供个人信息。事实上,如果不分享这些信息,个人能够在现代世界成功运作是不可想象的。然而,当信息落入黑客手中时,个人可能会遭受身份盗窃、信用卡欺诈和其他后果。因此,私人信息被访问的个人合理地花费了大量的时间、精力和金钱,通过购买信贷监控服务、监控其账户的欺诈指控、对发生的任何欺诈行为提出质疑以及支付与信贷冻结相关的费用来保护其身份和金融账户。为了收回数据泄露后产生的成本,数据泄露受害者经常试图起诉那些未能充分保护其信息不受黑客攻击的公司。12然而,一些联邦法院发现,数据泄露的受害者无法满足第三条的长期要求。因此,法院驳回了针对那些因数据安全保障措施不足而允许访问受害者信息的组织的诉讼。虽然根据目前的第三条判例,这一结果可能在法律上是合理的,但许多数据泄露的受害者无法收回他们因数据泄露而产生的费用。本说明试图为许多数据泄露受害者面临的直接困境提出一个解决方案,即他们甚至无法出庭。首先,我简要回顾了宪法关于第三条地位的原则,主要关注事实上的损害要求。罗宾斯谈未来的数据泄露诉讼14最后,我提出了一个解决数据泄露原告面临的第三条障碍的建议,认为国会应该通过一项全面的法律来监管数据泄露,让受害者有法定资格向未能充分保护其信息的公司索赔…
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Access Denied: Data Breach Litigation, Article III Standing, and a Proposed Statutory Solution
I. DATA BREACHES: AN OVERVIEWOn September 22, 2016, technology company Yahoo! announced that a third party had wrongfully gained access to at least 500 million Yahoo! user accounts, the largest data breach1 in history.2 Hackers stole individuals' names, telephone numbers, email addresses, dates of birth, passwords, and security questions and answers.3 Because individuals often use the same email address, password, and security questions for multiple Internet accounts, the third party hacker could potentially gain access to additional private accounts, including financial accounts, of 500 million individuals.4More recently, Equifax - a major credit-reporting firm - announced that hackers accessed the personal information of more than 140 million U.S. customers.5 The obtained information includes individuals' names, addresses, Social Security numbers, and driver's license numbers.6 The hackers could use this extensive information to open new financial accounts in individuals' names, make fraudulent charges on their credit cards, and commit tax fraud.7 Due to the scope of the breach, the affected individuals will have to monitor their credit and personal accounts for the rest of their lives because hackers can use the stolen in formation for many years going forward to commit fraud, including "creating a new you."8The data breaches of Yahoo! and Equifax are two of the largest known data breaches and are part of a trend in recent years in which the size and scope of data breaches of major corporations have steadily increased.9 This trend is expected to continue as hackers become increasingly sophisticated and more personal information is stored digitally.10 Federal courts' interpretations of Article III standing requirements, however, frequently result in unjust outcomes for data breach victims.11 In everyday life, individuals provide businesses and other entities with their personal information. Indeed, it is inconceivable that individuals could successfully function in the modern world without sharing such information. Yet when the information falls into the hands of hackers, individuals may suffer identity theft, fraudulent credit card charges, and other consequences. Individuals whose private information is accessed therefore reasonably expend considerable time, energy, and money protecting their identity and financial accounts by purchasing credit-monitoring services, monitoring their accounts for fraudulent charges, disputing any fraud that occurs, and paying fees associated with credit freezes.In order to recover the costs incurred following a data breach, data breach victims frequently attempt to sue the companies that failed to adequately protect their information from hackers.12 Some federal courts, however, have found that data breach victims cannot satisfy Article III standing requirements. As a result, courts dismiss lawsuits against the organizations that allowed victims' information to be accessed due to insufficient data security safeguards. While this outcome may be justified legally under current Article III jurisprudence, many victims of data breaches cannot recover the costs they incur in response to a data breach.This Note attempts to propose a solution to the immediate dilemma faced by many victims of data breaches - that they cannot even get their day in court. First, I briefly review the constitutional law doctrine of Article III standing, focusing primarily on the injury-in-fact requirement.13 I then turn to a survey of the different approaches to Article III standing in data breach cases as applied in various federal jurisdictions and look at the impact of the recent U.S. Supreme Court decision in Spokeo v. Robbins on data breach litigation going forward.14 I conclude with a proposed solution to the Article III hurdles faced by data breach plaintiffs by arguing that Congress should pass a comprehensive law regulating data breaches that would afford victims statutory standing to pursue their claims against companies that fail to adequately protect their information. …
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
0.60
自引率
0.00%
发文量
0
期刊最新文献
Access Denied: Data Breach Litigation, Article III Standing, and a Proposed Statutory Solution When Anti-Discrimination Law Discriminates: A Right to Transgender Dignity in Disability Law Charter School Jurisprudence and the Democratic Ideal Inadequate Access: Reforming Reproductive Health Care Policies for Women Incarcerated in New York State Correctional Facilities The Internet of Things and Potential Remedies in Privacy Tort Law
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1