This Note discusses Pisciotta v. Old National Bancorp, a case decided by the Seventh Circuit, which dealt with the following issue for the first time: whether the costs of credit monitoring spent by consumers whose personal information was wrongfully accessed through a database security breach but who were not victims of identity theft or fraud are compensable damages and thus recoverable under a negligence or breach of contract action against the database owner. The Seventh Circuit was rather definitive in its ruling that the plaintiffs had not suffered the requisite harm to place liability on the database owner, thus causing concern for consumers wishing to bring similar cases. This Note looks at whether
Pisciotta could have come out differently, for example, by analogizing the exposure of the plaintiffs’ personal information to toxic exposure in toxic tort cases, and also by questioning the role of the economic loss doctrine in database security breach cases. This Note also assesses what should be done to protect consumers’ privacy interests in light of the difficulties consumers face under current common law, as illustrated in Pisciotta. Specifically, this Note proposes that legislation be enacted to provide for the recovery of credit-monitoring costs by affected consumers of a database security breach.
Elena N. Vranas-Liveris,
Lost in Cyberspace: A Call for New Legislation to Fill the Black Hole in Information Privacy Law Following Pisciotta v. Old National Bancorp,
Seventh Circuit Rev.
Available at: https://scholarship.kentlaw.iit.edu/seventhcircuitreview/vol3/iss2/8