Protecting Company Data is More Important Than Ever

When you hear the phrase “trade secret,” it often brings to mind an image of the secrets that companies want to keep safe from their competitors.  But companies need to protect the personal information of their customers as well, whether on a laptop, Blackberry, iPhone, point of sale device, or when sent over a wireless or wired network.  Companies are not safe from lawsuits for the loss of this personal information, and they can be at increased risk if they store unencrypted customer data on laptops.  The Ninth Circuit has recently said that companies can be held liable for simply creating a risk that customer data will be stolen.

In Ruiz v. Gap, Inc., The Gap was sued for negligence for failing to adequately secure its customer data.  See Ruiz v. Gap, Inc., 540 F.Supp.2d 1121 (N.D. Cal. 2008).  A job applicant from Texas, Ruiz, applied for a position with the company over its website.  The employment application required Ruiz to input several items of personal information, including his social security number.  The Gap outsourced its job recruiting to another vendor and, soon after Ruiz had filed his application, The Gap realized that two laptop computers containing Ruiz's personal information had been stolen.  The two laptops contained the social security numbers of over 800,000 applicants.

The Gap notified the at-risk applicants and offered them a year of credit monitoring and $50,000 in identity theft insurance.  Ruiz soon brought suit under his negligence theory, and The Gap asked the court for a judgement on the pleadings.  The court denied The Gap's request, but then an question arose over whether Ruiz had standing to bring his claim.  Ruiz claimed that he was at an “increased risk” of becoming a victim of identity theft because of The Gap's negligent actions.  The Gap argued that an “increased risk” was insufficient for standing under the US Supreme Court's Lujan v. Defenders of Wildlife standard because it was not an “injury in fact.”

The Ninth Circuit ultimately found that Ruiz had suffered an “injury in fact” to sustain his standing under Lujan, but warned that it would be quick to revoke that standing if it appeared in later proceedings that Ruiz's injury was conjecture:

The injury that underlies all of Plaintiff's claims-the fact that Plaintiff faces an increased risk that his identity may be stolen at some time in the future-seems, at first blush, conjectural or hypothetical, rather than actual or imminent. Nonetheless, the Court must presume “that general allegations embrace those specific facts that are necessary to support the claim.” Lujan, 504 U.S. at 561, 112 S.Ct. 2130 (internal quotation marks omitted). Although Ruiz has asserted that the risk of identity theft he and other putative class members face is now “increased,” there is nothing else from which the Court can determine whether this risk is actual, imminent, credible, or any of the other adjectives courts have used in defining what types of risk of future harm may confer standing.

At this stage of the proceedings, the Court cannot conclude that Ruiz lacks standing. Nonetheless, Ruiz must be mindful that the elements of standing “are not mere pleading requirements but rather an indispensable part of the plaintiff's case....” Lujan, 504 U.S. at 561, 112 S.Ct. 2130. Should it become apparent that Ruiz's alleged injury is in fact too speculative or hypothetical, the Court will conclude, as it must, that Ruiz lacks standing.

This case underscores the great importance of protecting your customer data.  With the increase in identity theft over the last ten years, courts have become more willing to find companies liable for these types of mistakes.  It is important to take adequate steps to not only protect your companies trade secrets, but the secrets of your customers as well.


Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.

If you have a TypeKey or TypePad account, please Sign In.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Protecting Company Data is More Important Than Ever:

Official Trademark Clearinghouse Agent

Trade Secret Law & Non-Compete Law Blog Homepage: Trade Secret Attorney, Non-Compete Agreement Attorney


Domain attorney recommended by Domaining.com
© 2011 Traverse Legal, PLC. All Rights Reserved.
Traverse Legal on LinkedInTraverse Legal on FacebookTraverse Legal on Twitter
Events & Conferences:
  • International Trademark Association 2011, San Francisco, California
  • Cyber Law Summit 2011, Las Vegas, Nevada
  • Game Developers Conference 2011, San Francisco, California
  • DOMAINfest 2011, Santa Monica, California
Recent Attorney Speaking Engagements:
  • South By Southwest 2010 SXSW Interactive Conference, Austin, Texas
  • West LegalEdcenter Midwestern Law Firm Management, Chicago, Illinois
  • Internet Advertising under Part 255, Altitude Design Summit, Salt Lake City, Utah
  • Online Defamation and Reputation Management, News Talk 650 AM, The Cory Kolt Show, Canada Public Radio Saskatewan Canada
  • Alternative Fee Structures, Center for Competitive Management, Jersey City, New Jersey
  • FTC Part 255 Advertising Requirements, Mom 2.0 Conference, Houston, Texas
  • Webmaster Radio, Cybersquatting & Domain Monetization, Fort Lauderdale, Florida
Notable Complex Litigation Cases Handled By Our Lawyers:
  • Trademark Infringement, Milwaukee, Wisconsin
  • Cybersquatting Law, Trademark Law and Dilution Detroit, Michigan
  • Internet Defamation & Online Libel Indianapolis, Indiana
  • Trade Secret Theft, Chicago, Illinois
  • Cybersquatting Law, Anticybersquatting Consumer Protection Act Miami, Florida
  • Cybersquatting Law, Anticybersquatting Consumer Protection Act Eastern Dist. of Virginia, Alexandria
  • Stolen Domain Name, Orlando, Florida
  • Commercial Litigation, Tampa, Florida
  • Copyright Infringement and Cybersquatting Law, Grand Rapids, Michigan
  • Mass Tort Litigation, Los Angeles, California
  • Stolen Domain Name, Detroit, Michigan
  • Adwords Keyword Trademark Infringement, Los Angeles, California
  • Trademark Infringement & Unfair Competition, Boston, Massachusetts
  • Non-Compete Agreement and Trade Secret Theft, Detroit, Michigan
  • Mass Tort, Philadelphia, Pennsylvania
  • Mass Tort, Tyler, Texas
  • Insurance Indemnity, New York
  • Copyright Infringement, Detroit, Michigan