Chipotle Joins Growing List Of Merchants Who Claim They Are Not Responsible For Their Actions

March 13, 2018 at 8:57 am 1 comment

Image result for chipotle data breachAnother day, another data breach, another lawsuit and another motion to dismiss it by merchants who argue that they have no legal obligation to protect the information of consumers who frequent their establishment or to pay for the foreseeable damages their negligence causes to credit unions and banks.

The latest example of this never-ending cycle comes in the form of a well drafted response by Bellwether Community Credit Union and Alcoa Community Credit Union in opposition to Chipotle Mexican Grill’s motion to dismiss a data breach lawsuit brought by the credit unions. This lawsuit stems from a March 17th hack of Chipotle’s point of sale systems that the credit unions allege affected more than 2,200 of the restaurants nationwide.

What makes this lawsuit intriguing to yours truly is that in addition to the standard arguments, the credit unions are arguing that the restaurant’s conduct violated the Defend Trade Secrets Act of 2016 (15 USC 1831). This Act makes it illegal for a company to intentionally “convert a trade secret, that is related to a product or service used in or intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will, injure any owner of that trade secret.”

This argument may have been used before but this is the first time I have seen this argument in credit union land and it made me Google the Federal statute. In order for the credit unions to go forward on this claim, they are going to have to convince the judge that credit and debit card information is a “protectable trade secret” and that Chipotle’s negligence amounted to a disclosure of this information to the hackers.

I know I sound like a broken record and I know I’m preaching to the converted, but the fact that we are still arguing about what duties merchants owe to whom and under what circumstances is tantamount to debating whether automobile companies should be liable for car defects that manifest themselves in Alaska or Hawaii. Merchants such as Chipotle and Target are national economic actors and common sense tells you that they should be responsible for the harm they cause no matter where it manifests itself.

Now that the House Republicans have assured us that Donald Trump did not collude with Russia in the 2016 Presidential campaign, perhaps reasonable minds can come to a consensus on national data breach standards. When I went to Washington a couple of weeks ago, I was surprised at how many members of both parties seem to agree that now is the time to take a serious look at the idea.

Better late than never.

Entry filed under: Legal Watch. Tags: , , .

Things To Consider When Considering Interns Commonsense Reform Bill Passes Senate

1 Comment Add your own

  • 1. cugeek  |  March 14, 2018 at 1:12 pm

    I’m in total agreement. If the credit unions lost your financial information, they’d be responsible. If Chipotle lost your burrito, they’d be responsible. Yet somehow if they lose your financial information, the credit union is responsible? I’ve written about this numerous times and it is so obviously in need of fixing.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 503 other followers

Archives