The Effects of Data Breach Litigation

"Empirical Analysis of Data Breach Litigation," Sasha Romanosky, David Hoffman, and Alessandro Acquisti:

Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff's chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

The full paper is available by using the one-click download button.

Posted on March 27, 2012 at 6:46 AM • 2 Comments

Comments

rmd • March 27, 2012 7:02 AM

"We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit."

Presumably AT&T Mobility v. Concepcion will put an end to that practice.

privanonymous • March 27, 2012 3:02 PM

rmd,

AT&T Mobility v Concepcion

http://privatopia.blogspot.com/2011/04/supreme-court-arbitration-ruling-courts.html

and the more recent

Compucredit Corp. v Greenwood

http://privatopia.blogspot.com/2012/01/credit-card-arbitration-trumps-lawsuits.html

are both nails in the coffin of the 7th Amendment.

The ironic irony is that those who claim to adhere to the "original meaning" of the Constitution celebrated these rulings which deny a right to a civil trial "where the value in controversy shall exceed twenty dollars."

Their "tort-reform" agenda -- making it harder for individuals to sue corporations, but not the other way around -- trumps their reverence for the Constitution.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.