In a recent blog post, Kevin McGinty of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo speaks to the “new” age-old question: “If data is stolen, but no one does anything with it, has there been an injury?” His answer draws on a recent decision, Maglio v. Advocate Health & Hospitals, from an Illinois state court.
In the case, the plaintiffs were a class of people who’d had their medical information compromised when laptops on which it was stored unencrypted were stolen. It’s important to note they didn’t allege the information had been accessed or used, nor had they suffered any type of identity theft. Instead, they based their case on the risk of harm, to which the court said, no-go. “The court ruled that plaintiffs had not alleged actionable injury, and dismissed their case,” explains McGinty.
