< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 577

October 3, 2009

Post-Breach Fear of Identity Theft Satisfies Standing Requirements, but Fails to Support Negligence and Other Claims

A federal court in Connecticut has ruled in McLoughlin v. People's United Bank, Inc., that fear of identity theft following a data breach qualifies as injury-in-fact for Article III standing, but that such fear alone cannot support claims of unfair trade practices, negligence, or breach of fiduciary duty.  Courts have split over whether fear of identity theft alone satisfies standing requirements.  But courts have been fairly consistent in holding that fear of future harm alone is insufficient to establish damages and therefore to state a tort claim or any other sort of claim commonly raised by plaintiffs in data breach cases.

ISPs Ordered to Pay $32 Million to Louis Vuitton for Contributory Trademark and Copyright Infringement

A federal jury in California has found two Internet service providers, Akanoc Solutions, Inc., and Managed Solutions Group, Inc. ("MSGI"), and their owner, Steven Chen, guilty of contributing to trademark and copyright infringement for hosting websites selling counterfeit Louis Vuitton goods, and has awarded Louis Vuitton $32 million in damages.  As we previously reported, Louis Vuitton sued Akanoc, MSGI and Chen for "knowingly allow[ing] and encourag[ing] certain websites to use" their Internet hosting services to infringe Louis Vuitton's "valid trademarks and copyrights."  Louis Vuitton successfully demonstrated that both ISPs knew of the infringing websites but failed to take "simple measures" to shut them down.

Autumn Brings Amendments to Data Breach Notification Laws

Four states have amended their existing data breach notification laws.  Montana and Texas have extended their notification requirement to the public sector.  Maine has limited the amount of time businesses can delay notification after law enforcement gives a green light.  And North Carolina now requires businesses to notify the state attorney general of breaches and to provide free security freezes to data breach victims.  The amendments are all now in effect.  Alabama, Kentucky, Mississippi, New Mexico, and South Dakota remain the only states without any breach notification requirement on the books.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2012 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington