On February 4, 2021, in Tsao v. Captiva MVP Restaurant Partners, LLC, the United States Court of Appeals for the Eleventh Circuit held that the mere existence of a data breach is insufficient to grant plaintiffs standing to sue the company that exposed their personal information. By doing so, the Eleventh Circuit aligned itself with the Second, Third, Fourth, and Eighth Circuits. In contrast, the Sixth, Seventh, Ninth, and D.C. Circuits have granted standing in such cases. This Comment argues that the Eleventh Circuit properly applied Supreme Court jurisprudence at the time it decided Tsao and, in light of more recent Supreme Court decisions, came to the correct conclusion.
John Landzert, A Hacker “May” Have Accessed Your Data: Can Victims of Data Breaches Sue Before Alleging Misuse?, 63 B.C. L. Rev. E.Supp. II.-95 (2022), https://lawdigitalcommons.bc.edu/bclr/vol63/iss9/11