Upon returning to Minnesota, I learned that Target is offering to settle a class action lawsuit related to their 2013 data beach with a $10 million pot of money set aside for Target customers harmed by the breach.
So what do Edward Snowden and the Target breach have in common? They both cause me to think about how much we as individuals value our privacy and what value society places on our right to be left alone.
If your telephone and email records were accessed and collected by the government without your knowledge, what harm or damage was caused? Creepy, yes. But did you suffer any monetary loss or other injury? Can you demonstrate any damage to your name or reputation? What loss have you suffered as a result of such an alleged invasion of privacy?
If you were one of over 110 million customers who shopped at Target between Nov. 27 and Dec. 15, 2013, you may now be able to submit a claim with a potential $10,000 payout, but it may be difficult for anyone to get much money from this settlement offer. As with other privacy litigation and related settlements, it is difficult to prove actual damages.
In Boring v Google, a Pennsylvania couple sued Google for posting pictures of their home on Google’s street view claiming an invasion of privacy. The court dismissed the case, finding no facts to support the torts of intrusion upon seclusion and publicity given to private life. The court found nothing to support any shame, humiliation, or offense to a reasonable person. This case is just one example of how difficult it is to prove actual damages in a privacy claim.
In the case of Target, an individual seeking payment under this settlement program may have to demonstrate actual harm in the form of unauthorized and unreimbursed charges or other actual loss or damages. In most cases, fraudulent charges are caught before they are charged to the consumer and, if the credit card company is notified in time, the charges are reversed. Emotional duress or angst suffered as a result of a data breach and potential identity theft is not generally considered sufficient harm and is very difficult to quantify in monetary terms. No money has been set aside in the Target settlement pot to cover such anguish suffered by a consumer as a result of the data breach.
So what is the real value of individual privacy, and at what cost should we allow our privacy to be compromised? Can we assign a monetary value to such rights?
I do not know the answer to this philosophical question and am not sure the courts are equipped to resolve this issue. This is not a new issue; it was first articulated by Louis Brandeis is 1890, over 125 years ago. And now Snowden has elevated the individual’s right to privacy and the right to be let alone to a global discussion taking place both within government agencies and corporate boardrooms.