Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Diana Reuter, left, and Brian Kint, right, with Cozen O'Connor. Diana Reuter, left, and Brian Kint, right, with Cozen O’Connor.

Courts have increasingly been called upon to examine whether organizations have a duty under the common law to protect and secure the personal data of their employees, clients and customers. Where courts have recognized that duty, they then have to determine the standard of care required to meet it. While the duty and the attendant standard of care are likely to develop slowly if left to the common law, tort theories of negligence may provide the necessary flexibility that organizations need in the data security context.

Plaintiffs may pursue tort theories of liability because the duty of data security that exits in nontort contexts generally does not provide an effective remedy for the individual whose data is exposed in a data breach. For example, certain statutory and regulatory frameworks, such as the HIPAA Security Rule and the New York Department of Financial Services’ Cybersecurity Regulation, create a duty of data security. Nevertheless, these frameworks are focused on particular industry sectors, do not apply more broadly, and generally do not include a private right of action. Similarly, the FTC and state attorneys general have defined a failure to adequately secure personal data as an unfair trade practice under consumer protection laws, but those laws often do not provide a private cause of action. Data breach notification law may cause companies to implement security measures in an attempt to avoid the costs of a breach notification. With several notable exceptions, however, those laws do not explicitly create a duty of data security. And data breach notification laws, for the most part, do not create private rights of action.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Law Firms Mentioned

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.