http://cyberlaw.stanford.edu/node/5734
>From the original title of this post the uneducated would take it to mean that a PII disclosure does not necessarily result in a fine for the guilty party, where in fact the report I believe indicates that a financial penalty may be enforced on the guilty even if no actual financial loss was incurred as a result of the PII. S. On Apr 10, 10:40 am, "Ali, Saqib" <[EMAIL PROTECTED]> wrote: > Special thanks to Lauren Gelman of Stanford for highlighting this in > her blog <http://cyberlaw.stanford.edu/blog/lauren-gelman>. > > In the recent American Federation Of Government Employees (plaintiff) > v.s. Kip Hawley, in his official capacity as Administrator for TSA, > the plaintiffs alleged that defendants violated the Aviation and > Transportation Security Act ("ATSA") and the Privacy Act by failing to > establish appropriate safeguards to insure the security and > confidentiality of personnel records which resulted in unintended > disclosure of Personally Identifiable Information (PII) of 100,000 TSA > employees. > > The defendants argued that "that the individual plaintiffs should be > dismissed for lack of standing for failing to demonstrate an > injury-in-fact. Mot. Dismiss at 13.11 According to defendants, > plaintiffs' concerns about future harm are speculative and dependent > upon the criminal actions of third parties. Mot. Dismiss at 13-15" > > The court, however, disagrees: > "Plaintiffs allege that because TSA violated ยง 552a(e)(10) by failing > to establish safeguards to secure the missing hard drive, they have > suffered an injury in the form of embarrassment, inconvenience, mental > distress, concern for identity theft, concern for damage to credit > report, concern for damage to financial suitability requirements in > employment, and future substantial financial harm, [and] mental > distress due to the possibility of security breach at airports." > Compl. 41-42. As such, plaintiffs' alleged injury is not speculative > nor dependent on any future event, such as a third party's misuse of > the data.12 The court finds that plaintiffs have standing to bring > their Privacy Act claim." > > For details > see:https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2007cv0855-6http://cyberlaw.stanford.edu/node/5734 > > The outcome of this could have far-reaching implications for the > future data leaks involving PII. > > _______________________________________________ > FDE mailing list > [EMAIL PROTECTED]://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
