Privacy litigation is a common issue for companies, and there are a number of companies that face class actions as a result of an alleged data breach.  While certain privacy claims give rise to statutory damages, the vast majority of these cases rely upon the allegation that the plaintiffs were “harmed” by a data breach.  Typically these allegations are difficult for plaintiffs to prove.

The Lares Institute has just concluded a study regarding data breaches and the extent of damages that result, or fail to result, from data breaches.

How Common Are Breaches?

Overall, 70% of those surveyed had received a notice of security breach in the last 12 months.  Of those who had received notice, 94% received between one and five, 2.7% received between six and ten, 2.7 percent received between eleven and thirty, and less than 1% responded that they received more than fifty.  According to Executive Director Andrew Serwin, “This data shows that security breaches are common, and do occur with some regularity.”

What Form of Damages Result from the Breaches?

The key finding of this study is that despite the number of people who received notice of a security breach, 97% said they had not suffered any unreimbursed losses traceable to a security breach, 2% believed they suffered losses that were not traceable to a specific security breach, and 1% believed they suffered losses that were traceable to a specific security breach.  When respondents were asked to explain how they were able to trace the losses to a specific security breach, most were unable to provide a factual basis for their conclusion, as the information related misuse of data, and not to a specific data breach.

According to Serwin, “This data demonstrates that while there can be unreimbursed harms in specific cases, courts are accurately assessing the risks to consumers, particularly in the class action context, when they conclude that in the vast majority of cases plaintiffs cannot sufficiently allege damage to state a claim.”

This study was based upon random sample of 474 individuals in the United States who received an online survey.  The Lares Institute received 420 responses at a 88.6 percent response rate.  The margin of error of this survey is 5%.  The error for subgroups is higher.

A link to the whitepaper can be found here.