Ashley Madison Data Breach Lawsuits Pose Privacy Test

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://blogs.wsj.com/law/2015/12/15/ashley-madison-data-breach-lawsuits-pose-privacy-test/

The class-action litigation over the Ashley Madison data breach is testing
how much privacy courts are willing to grant plaintiffs who sue companies
for failing to protect their personal information.

In August hackers released nearly 10 gigabytes of data stolen from Avid
Life Inc., the parent company of Ashley Madison, a dating website for those
looking for extramarital affairs. The data included sensitive information,
including customers’ names, email addresses and credit-card details, and
exposed millions of accounts.

More than a dozen civil lawsuits have been filed in federal courts against
Avid Life, which is accused of failing to safeguard customer information.
Most of the plaintiffs have shielded their names, suing as John and Jane
Does.

The company, which seeks to arbitrate the breach claims, has asked judges
in at least two courts to order the plaintiffs to use their real names. And
at least one judge has agreed that plaintiffs shouldn’t be allowed to use
pseudonyms.

This week a federal judge in Arkansas ordered a “John Doe” plaintiff suing
Avid Life to refile his complaint with his actual name.

A constitutional right to open courts normally requires plaintiffs to
publicly identity themselves in court. Judges have some discretion to grant
anonymity, and they sometimes do to protect privacy among other reasons.

U.S. District Judge James M. Moody Jr., in a decision Monday, said the
privacy interests of the plaintiff weren’t significant enough to warrant
confidentiality. Wrote the judge:

"Requiring Plaintiff to proceed without anonymity does not, as Plaintiff
claims, expose his “sexual habits [to] public scrutiny.” Rather, it simply
reveals that at one time he was a member of a website that catered to
individuals who wanted to have “discreet relationships.” The details of
whether Plaintiff did anything beyond signing up are not relevant to the
claims in the complaint, which means there would be no revelation of
Plaintiff’s sexual proclivities. Plaintiff’s privacy concerns do not
outweigh the “strong presumption” in favor of requiring a party to proceed
under his own name."

Lawyers for “John Doe” had argued in a brief that forcing their client
“would allow others to scrutinize his extremely sensitive personal and
financial information.” They accused Avid Life of “attempting to leverage
the threat of potentially catastrophic personal consequences to discourage
Plaintiff and others from seeking redress in the courts.”

Avid Life Media had argued there was no “exceptional circumstance necessary
to justify pseudonymous pleading.” Lawyers for the company wrote that they
can’t seek “to compel arbitration at this time because Avid does not know
Plaintiff’s true identity.”

Law Blog has sought comment from an attorney representing Avid Life.

The judge’s decision applied to just one of the Ashley Madison breach
cases. Avid Life has sought to unmask plaintiffs in litigation filed in
federal court in St. Louis, where all the cases across the nation are
likely to be consolidated. The judge in Missouri has yet to rule on the
request.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!