June 29, 2022

Volume XII, Number 180

Advertisement
Advertisement

June 29, 2022

Subscribe to Latest Legal News and Analysis

June 28, 2022

Subscribe to Latest Legal News and Analysis

June 27, 2022

Subscribe to Latest Legal News and Analysis

Ninth Circuit District Court Finds No Standing for Alleged Lost Commercial and Proprietary Data in Privacy Litigation

Recently, a federal court in California held that the loss of stored data, without more, is insufficient to establish Article III standing to withstand a motion to dismiss.  In so doing, the court joined a number of other courts in holding that allegations of speculative harm devoid of allegations that personal information was stolen or hacked is likewise insufficient to establish an injury in fact.

In Riordan v. Western Digit. Corp., Plaintiffs brought a slew of claims against Western Digital arising out of an attack by third-party hackers on Western Digital’s legacy Internet-connected hard drives, My Book Live and My Book Live Duo (“Products”).  2022 U.S. Dist. LEXIS 101685, at *2 (N.D. Cal. June 7, 2022).  The third-party hackers performed a factory reset of Western Digital’s Products, remotely erasing all data stored on the Products.  Id.

Plaintiffs alleged two theories of injuries resulting from the breach.  Plaintiffs generally alleged that due to the attack, they lost years’ worth of sensitive, intimate, and valuable personal, commercial, and/or proprietary information, including important financial information and priceless personal items, such as personal photographs.  Id. at *2-3.  Plaintiffs did not otherwise specify the types of information that were lost.  Plaintiffs further alleged that they faced a risk of future data misuse “if [their personal data] has made its way into the hands of cyber-criminals.”  Id. at *7.

In granting Western Digital’s motion to dismiss, the court held that Plaintiff’s blanket allegation that their data was deleted and could not be recovered from the Products did not allege an injury in fact.  Id.  at *8.  The court reasoned that “[p]laintiffs failed to describe whether their data was permanently lost, and/or whether another copy of the data was stored elsewhere[,]” and “fail[ed] to describe the type of data lost, or explain why it was valuable and why its loss would cause harm.”  Id.

The court likewise held that Plaintiffs’ allegation that their data may have “made its way into the hands of cyber-criminals” was insufficient.  “Plaintiffs’ speculative allegations of harm do not establish an injury in fact.”  Id. at *9.  “Plaintiffs do not allege that through the breach, their specific personal information was stolen or that any harm resulted from the breach (i.e., through hackers).”  Id.

This case is yet another example where courts have dismissed complaints that generally allege harm based on generalized, speculative injury for lack of Article III standing.  With Riordan, federal courts continue to demonstrate their willingness to dismiss inadequately pleaded complaints in data privacy cases for lack of standing.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 173
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Shing Tse Litigation Attorney Squire Patton Boggs Law Firm
Associate

Shing Tse is an associate in our Litigation Practice, based in the Houston office. Shing has experience representing clients in a variety of complex litigation matters in state and federal courts.

713 546 3336
Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Advertisement
Advertisement
Advertisement