Ruiz v. Gap: Increased Risk of ID Theft Not Damages

In a previous post this blog noted that a California Federal District Court denied a motion to dismiss a data breach negligence claim based on a lack of "damages."  Despite the partial "victory," the Court had also suggested that the damages issue might not survive a motion for summary judgment.  Well, the Court made its own prediction come true in a recent ruling.On April 4, 2009, the court issued a decision indicating that an increased risk of identity theft did not rise to the level of harm necessary to maintain a negligence claim.  This was true despite evidence from experts indicating an increase risk that the plaintiff's personal information was exposed.  Without evidence of actual significant exposure of the plaintiff's personal information, the Court indicated that analogies to "medical monitoring" damages were not supported. This case is another in a line of case establishing that, absent identity theft, it is uncertain whether a consumer plaintiff of a data breach can win in court.