Defendant Prevails in Privacy Case Where Data Theft Results in No Injury to Plaintiffs

The recent “data breach” case of Randolph v. ING Life Insurance and Annuity Company limits prospective liability where a loss or theft of personal data presents no more than a speculative threat of invasion of privacy, identify theft, or fraud. The case, which was resolved on motion to dismiss, reflects the trend in U.S. case law that data controllers will not necessarily face liability for losing control of personal information if the loss did not cause concrete harm to the affected individuals.