“Plaintiffs’ attorneys are engineering a staggering expansion of liability in the areas of privacy and data security,” according to a new report from the Institute for Legal Reform. “Class action lawyers are pursuing data privacy cases and amassing fortunes even where no one has been harmed.”

The report, “Engineered Liability: The Plaintiffs' Bar's Campaign to Expand Data Privacy and Security Litigation,” looks at big privacy court cases and settlements, trends in the trial bar’s targets, and the tactics employed by major law firms who manufacture and pursue such suits.

Sometimes the claims are based on privacy policies and statements that have nothing to do with the contracts or terms of use with customers (e.g., Dolmage v. Combined Ins. Co. of Am). Other cases revolve around the breach of “implied contract,” such as in the Sony hack. Employees sued the company for breaching its “implied duty of good faith” that their personal data was only for use for compensation and benefits. While not so successful yet, some plaintiffs have brought suit against companies’ officers and boards of directors for “breached their fiduciary duties” or committing “corporate waste” but failing to protect their organizations’ data security (e.g., Wyndham hotels). /article/ftc-settles-wyndham-data-breach-case

Marketing research and analytics companies need to protect themselves against this growing litigation risk, such as by reviewing some best practices and guidance on privacy and data security, adopting the ISO 27001 Information Security standard, lining up some professional liability insurance, and getting help with customized cybersecurity solutions (programs only available for Insights Association members).

Meanwhile, the Insights Association will continue to lobby for (1) a national data security law to harmonize the myriad of conflicting state laws, /legal-article/state-data-security-breach-notification-laws (2) privacy regulations that provide the best environment for research and analytics, (3) the minimization of restrictions on cross-border digital trade, and (4) legislation to reduce the general threat of class action litigation.