Privacy Injuries and Article III Concreteness

The Supreme Court\u27s 2016 decision in Spokeo, Inc. v. Robins requires federal courts to investigate the concreteness of a plaintiff\u27s injury, even after Congress has recognized the injury by statute. Spokeo\u27s concreteness discussion is a confusing mixture of several distinct considerations, and there is little rhyme or reason to how the lower courts have interpreted and applied Spokeo to other statutorily authorized injuries. This Article identifies four distinct informational injuries in the Court\u27s past cases: injuries arising from the withholding, acquiring, using, and disseminating of information. To avoid Spokeo\u27s mistakes, federal courts should give binding deference to Congress\u27s decision to make an injury privately enforceable when three conditions are met: when the plaintiff alleges one of these informational injuries; when the defendant is a non-governmental actor; and when Congress has effectively personalized the injury and the plaintiff is among the injured. The Court\u27s approach-an unmoored judicial investigation into an informational injury\u27s amorphous concreteness -erodes Congress\u27s ability to provide avenues of redress for new and novel harms, and this erosion is already undermining privacy protections. Since Spokeo, lower courts have refused to enforce provisions of the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act, and the Cable Communications Policy Act, among other statutes. The informational- injury lens shows that courts lack a principled way to stop Spokeo from also undermining provisions of the Wiretap Act, the Stored Communications Act, Illinois\u27s Biometric Privacy Act, and nascent privacy reform proposals that have private rights of action-including European- and California-style data processing restrictions and an information fiduciary regime. The Court\u27s Spokeo decision is in tension with historical practice, is having deleterious effects on privacy interests in the lower courts, and threatens to gut putative privacy law reform. This Article provides a mechanism for understanding how the Court\u27s standing jurisprudence goes awry, and it posits a simpler and superior alternative approach

A Private Enforcement Remedy for Information Misuse

Misuse of users’ personally identifiable information is persistent and pervasive. This Article addresses two questions: why is information misuse so common and so severe and how could domestic law change to make it less so? I use a simple model to illustrate that companies externalize information misuse costs onto users, which has two related but distinct effects: chronic underinvestment in information security and excessive retention of user data. I then seize on this observation to propose a specific legal vehicle at the heart of this Article—a private enforcement remedy. This private enforcement remedy has four essential features. First, the remedy must be created under state law. State law provides a viable alternative when federal courts have used the constitutional standing doctrine to express overt hostility to privacy harms. Second, the law should impose a fiduciary duty on entities that collect or retain users’ information. Structuring the remedy this way insulates it from attack by a weaponized First Amendment. Third, breach of an information fiduciary’s duty should be a strict liability tort. The arguments for strict liability in products liability cases apply with even greater force to informational harms. Fourth, the statute that creates this private enforcement remedy should prescribe a schedule that begins with nominal damages and attorney’s fees for strict liability, and it should increase monetary penalties with a defendant’s culpability. The remedy’s central purpose is to reshape incentives, so the damages schedule should not be unduly punitive or effect a windfall for plaintiffs’ attorneys

Corporate Directors\u27 and Officers\u27 Cybersecurity Standard of Care: The Yahoo Data Breach

On September 22, 2016, Yahoo! Inc. ( Yahoo ) announced that a data breach and theft of information from over 500 million user accounts had taken place during 2014, marking the largest data breach ever at the time. The information stolen likely included names, birthdays, telephone numbers, email addresses, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. Yahoo further disclosed its belief that the stolen data did not include unprotected passwords, payment card data, or bank account information. Just two months before Yahoo disclosed its 2014 data breach, it announced a proposed sale of the company\u27s core business to Verizon Communications. Then, during mid-December 2016, Yahoo announced that another 1 billion customer accounts had been compromised during 2013, a new record for largest data breach. Social media and electronic commerce websites face significant risk factors, and an acquirer may inherit cyber liability and vulnerabilities. The fact pattern in this announced acquisition raises a number of important corporate governance issues: whether Yahoo\u27s conduct leading up to the data breaches and its subsequent conduct constituted a breach of the duty to shareholders to provide security, the duty to monitor, the duty to disclose, or some combination thereof the impact on Verizon shareholders of the acquisition price renegotiation and Verizon\u27s assumption of post-closing cyber liabilities; and whether more drastic compensation clawbacks for key Yahoo executives would be appropriate. Cybersecurity remains a threat to all enterprises, and this Article contributes to the corporate governance literature, particularly as it applies to mergers and acquisitions and the management of cyber liability risk

The complementary roles of knowledge and strategy in insight problem-solving

Two main classes of theory have been proposed to account forinsight problem-solving performance; those that invoke theovercoming of constraints arising from prior knowledge as thesource of insight, and those that propose strategic search formoves that make progress towards a hypothesized goal state.An experiment using matchstick algebra problems assessed thecontributions of each source. Results indicate that, while priorknowledge creates the conditions under which matchstickalgebra problems are more or less difficult to solve, search formoves that make the most apparent progress towards ahypothesized goal provides the key to eventual solution

Drawing the answers: sketching to support free and probed recall by child witnesses and victims with Autism Spectrum Disorder

The success of witness interviews in the criminal justice system depends on the accuracy of information obtained, which is a function of both amount and quality of information. Attempts to enhance witness retrieval such as mental reinstatement of context have been designed with typically developed adults in mind. In this paper, the relative benefits of mental and sketch reinstatement mnemonics are explored with both typically developing children and children with autism. Children watched a crime event video, and their retrieval of event information was examined in free and probed recall phases of a cognitive interview. As expected, typically developing children recalled more correct information of all types than children with autism during free and probed recall phases. Sketching during free recall was more beneficial for both groups in both phases in reducing the amount of incorrect items, but the relative effect of sketching on enhancing retrieval accuracy was greater for children with autism. The results indicate the benefits of choosing retrieval mnemonics that are sensitive to the specific impairments of autistic individuals, and suggest that retrieval accuracy during interviews can be enhanced, in some cases to the same level as that of typically developing individuals

An observational prospective study of topical acidified nitrite for killing methicillin-resistant Staphylococcus aureus (MRSA) in contaminated wounds

Background Endogenous nitric oxide (NO) kills bacteria and other organisms as part of the innate immune response. When nitrite is exposed to low pH, NO is generated and has been used as an NO delivery system to treat skin infections. We demonstrated eradication of MRSA carriage from wounds using a topical formulation of citric acid (4.5%) and sodium nitrite (3%) creams co-applied for 5 days to 15 wounds in an observational prospective pilot study of 8 patients. Findings Following treatment with topical citric acid and sodium nitrite, 9 of 15 wounds (60%) and 3 of 8 patients (37%) were cleared of infection. MRSA isolates from these patients were all sensitive to acidified nitrite in vitro compared to methicillin-sensitive S. aureus and a reference strain of MRSA. Conclusions Nitric oxide and acidified nitrite offer a novel therapy for control of MRSA in wounds. Wounds that were not cleared of infection may have been re-contaminated or the bioavailability of acidified nitrite impaired by local factors in the tissue