Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Cybersecurity & Data Breaches

New Class of Data Security Breach Plaintiffs Possible If Maine Supreme Court Rules That Economic Harm Not Required

“Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?”

That is the question a federal district judge in Maine has put to the Maine Supreme Court in the data security breach litigation involiving Hannaford Brothers.  In a ruling  dated October 5, 2009, Judge D. Brock Hornby, who earlier this year had dismissed almost all of the claims in the consolidated class action for lack of "economic loss", reversed himself and sent to the Maine Supreme Court an issue that has the potential for opening the floodgates of litigation.   Plaintiffs  so far have been unsuccessful in pursing civil actions following data security breaches where they have not suffered real economic damages.

As Judge Hornby himself observed in his decision,

 “if the Maine Law Court’s answer to the certified question on the cognizable harm issue favors the plaintiffs, the plaintiffs will have both a negligence claim and an implied contract claim.”  

Such a development could have a profound impact on the vulnerability of companies experiencing data security breaches to civil claims, something they so far largely have avoided.  Thus, added to the existing costs of a data security breach (notification costs, credit monitoring costs, regulatory investigation costs, damage to reputation costs, etc.), there may soon be "time and effort" compensation costs.  As menioned in an earlier post concerning Maine’s law tp protect kids from predatory marketing, which effectively is on hold, when the State of Maine enjoyed a reputation as a bellwether for presidential elections, this expression was in common parlance:

As Maine goes, so goes the nation?

It appears that while the State of Maine no longer has much impact on presidential elections, it could well have an impact on data security breach law.