Privacy & Data Security

The collection, storage, use, and disclosure of consumer data are hot topics in the legal, regulatory, and legislative communities. In addition to the types of data that may be particularly sensitive and/or targeted by hackers (e.g., credit card information, health data), many organizations collect consumer data to better understand and connect with customers (e.g., demographic information, consumer preferences). However, the ever-changing ways in which data are collected and used present significant challenges with respect to how organizations develop and adhere to their respective privacy policies, and the limitations of customer consent. Moreover, the collection and use of data sets the stage for unauthorized individuals to access information through cyberattacks and misuse that data to harm both the entities that legitimately collect data as well as their customers. 



State and federal laws in the US (and other authorities overseas) govern the maintenance and use of data by the companies that collect them to protect the privacy interests of individuals. The use and potential misuse of data by both authorized parties and outside actors may lead to investigations and claims of statutory violations, negligence, invasion of privacy, misappropriation of personal information, and infliction of emotional distress. 

How Analysis Group can help

When such disputes arise, it is often difficult for courts to assess liability and damages related to misuse of consumer data, publicity/privacy rights, and data breaches. In such matters, the ability to analyze and interpret a wide variety of complex data is often critical. Analysis Group has both the quantitative and technological expertise to analyze complex datasets, source code, and data systems and architectures. Our experts can assist with addressing such challenging questions as:

  • Did the organization’s use of consumer data constitute a “misuse,” and were all consumers’ data similarly misused?
  • Did the organization apply reasonable safeguards to protect consumer data?
  • Is there a causal relationship between the misuse, disclosure, or theft of consumer data and any potential subsequent harm to individuals?
  • How do consumers value the data that were alleged to have been misused, disclosed, or breached?

We assist clients in finding answers to these questions through a number of analyses, including:

  • Quantifying the costs of a breach (or potential breach) to an organization
  • Determining the number of alleged violations that meet the requirements for statutory damages
  • Defining and measuring consumer harm in a litigation context
  • Evaluating the appropriateness of class certification regarding the alleged misuse or misappropriation of personal information
  • Assessing the economic impact of liability and damages arguments
  • Quantifying the value of personal data
  • Determining the reasonable level of investment in data security resources and infrastructure