D.C. Circuit Hears Arguments in Data Breach Case

A federal appeals court in Washington, D.C. heard arguments today in a major data breach suit. The faulty security practices of Carefirst, a health insurer, allowed hackers to obtain the personal information of more than 1,100,000 customers. But a lower court dismissed the case because the judge believed that consumers must suffer actual identity theft before before filing a lawsuit. EPIC's amicus brief explained that the judge misunderstood the law and confused the harm consumers eventually suffer with the failure of companies to uphold obligations to safeguard the data they choose to collect. The appellate judges today voiced similar doubts about the lower court's decision, suggesting that consumers don't have to wait until their identity is stolen to bring a lawsuit. One judge compared the case to a person putting down her driver's license to rent a Segway, only to have it stolen from the rental company. EPIC regularly files briefs defending the privacy rights of consumers.

« EPIC To Senate Intelligence - "Public Has Right to Know About Russia Ties" | Main | Following Congress, EPIC Seeks Public Release of DHS Records on Russian Interference »

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

Universal Guidelines for AI

UGAI image

EPIC is gathering support for the Universal Guidelines for Artificial Intelligence, which aim to inform and improve the design and use of AI.