A recent 11th Circuit case may – if followed elsewhere and not reversed by the US Supreme Court – reduce a company’s potential exposure under conventional contract language requiring sensitive materials to be held in confidence. Many companies have been concerned that such language would make them liable if they were the victim of a third-party data breach as opposed to an intentional disclosure by one of their employees or contractors.
In Silverpop v. Leading Market Technologies, 2016 U.S. App. LEXIS 196, the US Court of Appeals for the Eleventh Circuit held that losses associated with a data breach “are best characterized as consequential” and recovery on a contract claim should be barred when the contract contains a prohibition the award of consequential damages. The Court further found that negligence claims for such data breaches would be barred due to the lack of an applicable standard of care, as well as by the economic loss rule. Thus, absent proof of negligence or specific contractual language that is on-point, a data breach of itself does not constitute a breach of the obligation to take reasonable measures to safeguard confidential material under a confidentiality provision.
Earlier this month, an Ontario court escalated the privacy rights of subscribers in a high-profile case involving Rogers and Telus, who were asked by police to provide “tower dump” records that would have revealed information on thousands of cellphone users. The two telecom companies rejected the request, noting that the disclosure would affect tens of thousands of people who were merely located in the vicinity of a cellphone tower during the specified period.
Given the detailed information that would have been available (including billing and credit card information), the lack of safeguards over the information and the over-breadth of the request, the companies argued that an order to produce the information would breach the reasonable expectation of privacy of the affected cellphone users.
Use these apps to expose cell phone surveillance:
The encryption debate raging inside the U.S. government peeked out into the open at an Internet policy conference on Monday, as a high-ranking Justice Department official and an FTC commissioner offered dueling views of the proper balance between liberty and security.
The back-to-back comments by Assistant Attorney General Leslie Caldwell and FTC Commissioner Terrell McSweeny at the State of the Net conference offered a distilled version of the battle over government access to encrypted products.