How to prevail when technology fails - Flipbook - Page 41
Prepare now for a surge in cyber and data breach litigation | 41
Litigation can strike on multiple fronts
Cybersecurity and data privacy litigation
can take many forms. In some jurisdictions,
consumers affected by a data breach may
club together and bring a class or collective
action (where a group of claimants that
have been affected in the same way by an
event bring action as a group) against the
company that suffered the breach. Marriott
International, for instance, is currently
facing collective proceedings in both
the U.S. and the UK in relation to a data
breach that affected 339 million customers
worldwide between 2014 and 20183. In
October 2020, the ICO, the UK’s privacy
regulator, announced it was fining Marriott
International £18.4m for infringements of
the EU’s GDPR rules4.
The growing number of sector-specific
and generally applicable cybersecurity
regulations make this type of litigation
increasingly likely because they set out a
duty of care. This can often be the basis on
which subsequent litigation is brought.
Following a data breach, shareholders of the
affected company may also bring litigation
against the company and its directors.
In 2019, for instance, a shareholder of
commercial banking firm Capital One
Financial Corp filed a lawsuit against the
company after a data breach involving
the personal information of over 100
million customers in North America5. The
shareholder sought to recover losses from
the decline in share price that resulted from
the breach, and claimed that the company
had made misleading statements about its
data privacy protections.
Companies can also face huge fines and
damages even in the absence of a major
cybersecurity breach. For example, the
record $5bn penalty imposed on Facebook
by U.S. consumer rights regulator, the
Federal Trade Commission (FTC), was for
violating users’ privacy – not because of any
cybersecurity breach6.
3. Financial Times, Hotel group Marriott faces London lawsuit over huge data breach, August 2020
4. ICO, ICO fines Marriott International Inc £18.4 million for failing to keep customers’ personal data secure, October 2020
5. Bloomberg Law, Capital One Investor Sues Over Breach as Consumer Suits Unified, October 2019
6. FTC, FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook, July 2019