By Andrew C. Glass, David D. Christensen and Matthew N. Lowe
With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common. A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is no evidence of actual fraud or identity theft resulting from the purported data breach. The plaintiffs’ bar has pursued a litany of legal theories in the attempt to clear the standing hurdle, including the recent theory of “overpayment” (a/k/a “benefit of the bargain” theory). Under this theory, the plaintiff alleges that the price for the purchased product or service—whether sneakers, restaurant meals, or health insurance—included some indeterminate amount allocated to data security. Depending on how the theory is framed, the purported “injury” is either that the plaintiff “overpaid” for the product or service, or that the plaintiff did not receive the “benefit of the bargain,” because the defendant did not appropriately use the indeterminate amount to provide adequate data security. Despite plaintiffs’ attempts to establish standing through this novel theory, courts have limited its applicability in a variety of ways discussed in this alert.
To read the full alert, click here.