Good news for businesses: NYS courts will dismiss data breach class actions for lack of concrete harm to plaintiff
By and on Posted in Class actions, Cybersecurity, Data Privacy

Data breaches have become a serious issue for businesses, leading to numerous putative class action lawsuits alleging that the defendants failed to prevent the unauthorized disclosure of personally identifiable information or protected health information of their employees or customers.

In New York State, as in other jurisdictions, the claims generally include negligence, based on the defendants’ alleged insufficient cybersecurity measures. However, the U.S. Constitution and most state constitutions require that plaintiffs plead sufficient harm – that is, damages – for which they can seek redress through the courts. Without a showing of damages, the plaintiffs lack “standing” to sue.

A number of cybersecurity class actions have been dismissed because the plaintiffs were unable to articulate the harm that they suffered as a result of the defendants’ alleged negligence.

The U.S. Supreme Court addressed the issue of standing in several decisions, most recently in TransUnion, LLC v. Ramirez. In that 2021 case, the Court ruled that plaintiffs do not have standing if their claimed damages are not concrete and materialized. The mere risk of future harm is not enough for standing.

New York State courts considering standing in the data privacy context have reached decisions consistent with TransUnion by dismissing suits based on the plaintiffs’ failure to sufficiently allege damages. The decisions are here, here, and here.

Significantly, a New York appellate court recently addressed standing in this context and granted the defendants’ motion to dismiss. In Greco v. Syracuse ASC, a plaintiff brought a putative class action against a health care provider based on a data breach that allegedly exposed the plaintiff’s personal information to unauthorized third parties. The plaintiff did not allege any misuse of information in more than one year between the alleged breach and the issuance of the trial court’s decision. In dismissing the lawsuit, the court explained that hypothetical future harm was not enough for standing.

Data breach case law is evolving state by state, and the Constangy cybersecurity litigation team is available to represent businesses defending these class actions.

The Constangy Cyber Team regularly counsels businesses of all sizes and industries on how to comply with the growing number of data privacy laws and regulations. If you would like additional information on how to prepare your organization, please contact us at cyber@constangy.com.

TAGS: Class Actions, Cyber Incident Response, Cyber Insurance Claims, Cyber Team, CyberMonday, Cybersecurity, Data Breach, Data Privacy, Data Security, New York, Personal Data, TransUnion
Facebook Twitter/X Linkedin Email
  • Serious-looking man with short dark hair and beard wearing a light gray suit and dark tie, standing with arms crossed against a transparent background. His formal attire and posture suggest a professional or executive portrait.
    Christopher R. Deubert
    Senior Counsel

    He represents and advises businesses on a broad range of labor and employment matters, including discrimination complaints, wage and hour claims, class actions, employment agreements, restrictive covenants, data privacy ...

    More from Christopher: Full Bio | Contact Author | LinkedIn | Blog Posts
  • Allen Sattler, Constangy Cyber Team Vice Chair, smiling man in a dark navy suit with a white shirt and deep purple tie, posed against a transparent background. He has neatly styled dark hair and a short beard, projecting a professional and approachable de
    Allen Sattler
    Partner
    315.430.4888 |

    Allen leads the Constangy Cyber Team’s cybersecurity litigation services. Allen defends companies that face class action lawsuits resulting from data security incidents, and he defends companies against lawsuits concerning ...

    More from Allen: Full Bio | Contact Author | Blog Posts

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Search

Get Updates By Email

Subscribe

Archives

Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek