Fast Fast Forward

Understanding the Swinging Pendulum That is Data Breach Law

Data Breach Laws


In today’s technology-driven economy, organizations of all sizes are exposed to increasingly complex computer security risks. The evolving sophistication of the hacking community only increases the likelihood of a targeted cyber-attack and forces companies to recognize the importance of protecting their valuable data. Additionally, human error accounts for a large percentage of compromised data due to lost laptops, smartphones and/or inadvertent disclosure of sensitive personal and/or corporate confidential information. Companies in all industries face heightened scrutiny in the regulatory realm due to enhanced enforcement by governmental entities. In addition, nearly every state in the country maintains data breach laws requiring timely notification of individuals whose information may have been compromised as well as adherence to the standards imposed by the Payment Card Industry (PCI) for those companies accepting credit cards. Just one security or privacy failure could lead to intense regulatory scrutiny and costly civil litigation.

We read about data breaches affecting millions of individuals on almost a weekly basis. What is the future of litigation regarding these breaches?

The main hurdles plaintiffs must overcome are standing and damages. Generally, for a case to survive a motion to dismiss, there must be evidence that information was actually exploited or compromised. One example is posting the information of the victims in a public forum. Some plaintiffs’ attorneys try to argue that when customers pay for services, there is an implied promise that the defendant would use some of that money to implement cybersecurity precautions and, as such, plaintiffs should get a portion of that money back. The courts have been somewhat split on the standing/damages issue but have usually taken a pro-defendant stance. However, the issue is very fluid.

Read the full article here, on

© 2018 AXA SA or its affiliates
AXA XL is the P&C and specialty risk division of AXA.