BreachExchange mailing list archives
Ashley Madison Data Breach Lawsuits Pose Privacy Test
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 15 Dec 2015 20:14:42 -0700
http://blogs.wsj.com/law/2015/12/15/ashley-madison-data-breach-lawsuits-pose-privacy-test/ The class-action litigation over the Ashley Madison data breach is testing how much privacy courts are willing to grant plaintiffs who sue companies for failing to protect their personal information. In August hackers released nearly 10 gigabytes of data stolen from Avid Life Inc., the parent company of Ashley Madison, a dating website for those looking for extramarital affairs. The data included sensitive information, including customers’ names, email addresses and credit-card details, and exposed millions of accounts. More than a dozen civil lawsuits have been filed in federal courts against Avid Life, which is accused of failing to safeguard customer information. Most of the plaintiffs have shielded their names, suing as John and Jane Does. The company, which seeks to arbitrate the breach claims, has asked judges in at least two courts to order the plaintiffs to use their real names. And at least one judge has agreed that plaintiffs shouldn’t be allowed to use pseudonyms. This week a federal judge in Arkansas ordered a “John Doe” plaintiff suing Avid Life to refile his complaint with his actual name. A constitutional right to open courts normally requires plaintiffs to publicly identity themselves in court. Judges have some discretion to grant anonymity, and they sometimes do to protect privacy among other reasons. U.S. District Judge James M. Moody Jr., in a decision Monday, said the privacy interests of the plaintiff weren’t significant enough to warrant confidentiality. Wrote the judge: "Requiring Plaintiff to proceed without anonymity does not, as Plaintiff claims, expose his “sexual habits [to] public scrutiny.” Rather, it simply reveals that at one time he was a member of a website that catered to individuals who wanted to have “discreet relationships.” The details of whether Plaintiff did anything beyond signing up are not relevant to the claims in the complaint, which means there would be no revelation of Plaintiff’s sexual proclivities. Plaintiff’s privacy concerns do not outweigh the “strong presumption” in favor of requiring a party to proceed under his own name." Lawyers for “John Doe” had argued in a brief that forcing their client “would allow others to scrutinize his extremely sensitive personal and financial information.” They accused Avid Life of “attempting to leverage the threat of potentially catastrophic personal consequences to discourage Plaintiff and others from seeking redress in the courts.” Avid Life Media had argued there was no “exceptional circumstance necessary to justify pseudonymous pleading.” Lawyers for the company wrote that they can’t seek “to compel arbitration at this time because Avid does not know Plaintiff’s true identity.” Law Blog has sought comment from an attorney representing Avid Life. The judge’s decision applied to just one of the Ashley Madison breach cases. Avid Life has sought to unmask plaintiffs in litigation filed in federal court in St. Louis, where all the cases across the nation are likely to be consolidated. The judge in Missouri has yet to rule on the request.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Ashley Madison Data Breach Lawsuits Pose Privacy Test Audrey McNeil (Dec 16)