[FDE] Privacy Act's "actual damages" clause DOES NOT require actual monetary damages
In the recent American Federation Of Government Employees (plaintiff) v.s. Kip Hawley, in his official capacity as Administrator for TSA, the plaintiffs alleged that defendants violated the Aviation and Transportation Security Act ("ATSA") and the Privacy Act by failing to establish appropriate safeguards to insure the security and confidentiality of personnel records which resulted in unintended disclosure of Personally Identifiable Information (PII) of 100,000 TSA employees. The defendants argued that "that the individual plaintiffs should be dismissed for lack of standing for failing to demonstrate an injury-in-fact. Mot. Dismiss at 13.11 According to defendants, plaintiffs' concerns about future harm are speculative and dependent upon the criminal actions of third parties. Mot. Dismiss at 13–15" The court, however, disagrees: "Plaintiffs allege that because TSA violated § 552a(e)(10) by failing to establish safeguards to secure the missing hard drive, they have suffered an injury in the form of embarrassment, inconvenience, mental distress, concern for identity theft, concern for damage to credit report, concern for damage to financial suitability requirements in employment, and future substantial financial harm, [and] mental distress due to the possibility of security breach at airports." Compl. 41–42. As such, plaintiffs' alleged injury is not speculative nor dependent on any future event, such as a third party's misuse of the data.12 The court finds that plaintiffs have standing to bring their Privacy Act claim." For details see: https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2007cv0855-6 http://cyberlaw.stanford.edu/node/5734 The outcome of this could have far-reaching implications for the future data leaks.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.