Search
  • Phil Griffis

Potential Lawsuit Over Alleged NASA Data Breach

A stolen NASA laptop, allegedly containing personal information on 10,000 NASA employees, has prompted a potential civil lawsuit. As reported in the Pasadena Star News, the unencrypted computer was taken from a Washington, D.C. parking lot.

Read the article here


According to the article, NASA has taken several corrective measures, including the issuance of an apology, the hiring of a security firm and the institution of a policy of data encryption. At least four of the employees have retained a California attorney who is threatening a class action suit.The article raises the question of exactly what the lawsuit would claim. Certainly the accidental dissemination of personal data is a breach of trust, and a huge potential source of inconvenience and embarrassment. But could it lead to a valid claim for monetary damages?


Perhaps the biggest potential roadblock for the employees will be proving damages. In other words, were the employees actually harmed by the theft? For instance, if the computer was immediately destroyed, or thrown into the ocean, then the employees personal information was not actually disseminated to third parties. In that case, it is difficult to see how the employees could prove a right to monetary damages. But if the data was retrieved, and disseminated to third parties, then it would be a whole different ball game. So I think question one is going to be “what happened to the computer, and the data it contained”?


Another question will be what theory of liability the employees would allege. My guess is that it will be a claim based on negligence and/or invasion of privacy. In a negligence suit, the employees would likely argue (1) that NASA had a duty to preserve and secure their confidential information (2) it breached that duty by allegedly failing to encrypt the data and secure the laptop and (3) they were damaged monetarily as a result. Pertinent inquiries would be whether NASA’s policies met applicable industry standards for data encryption and security of computers containing confidential data.


In order to win a suit for invasion of privacy in Texas, the person bringing the suit typically has to prove:

1.  The defendant publicized information about the plaintiff’s private life;

2.  The publicity would be highly offensive to a reasonable person;

3.  The matter publicized is not of legitimate public concern; and

4.  The plaintiff suffered an injury as a result of the defendant’s disclosure.


Whether the employees could win such a suit would turn on whether private information about them was actually publicized, and whether they were actually damaged as a result. Based on the limited information available about the event, it’s impossible to predict whether they will be able to do so.


WRITTEN BY

THE LAW OFFICE OF PHIL GRIFFIS



Phil Griffis obtained his first jury verdict in 1990, when he convinced a jury that a customer’s fall at his client’s store did not cause the customer’s aspiration pneumonia and stroke. In the years since he has continued to win in courtrooms across the State of Texas.

2 views

Recent Posts

See All

Beware of the Reopening

The President has just announced guidelines for "reopening" the country, and it seems certain that Texas state government will fall in line with them.  As your business gears up for "normal" activity,

© 2018 by The Law Office of Phil Griffis.  All Rights Reserved.

  • Black Instagram Icon
  • Black Facebook Icon
  • Black Twitter Icon
  • Black LinkedIn Icon
  • Black YouTube Icon
We are not your attorney. Nothing on this website or blog should be interpreted as legal advice or the creation of an attorney-client relationship. You should not act or rely on the basis of information on this site without seeking the advice of an attorney. 
1322 Space Park Drive, Suite A248 Houston, Texas 77058

info@griffislawfirm.com

(832) 284-4013