Douglas Meal, adjunct professor of law at CSU|LAW, has published an article titled “Rethinking Negligence Claims in Cyberattack Class Actions: Teachings of the Third Torts Restatement Regarding Actionable Injury.” The article was published in August 2025 in Volume 26 of the Sedona Conference Journal. The Sedona Conference is a nonprofit, nonpartisan think tank that convenes leading experts from the bench, bar, academia, and industry to discuss complex and emerging legal issues, including a Working Group on Data Security and Privacy Liability.

In the article, Professor Meal argues that US courts have to date failed to provide a coherent answer as to whether cyberattack class action members have suffered an “actionable injury.” Courts “have employed differing analytical frameworks, and arrived at disparate conclusions, regarding what sorts of cyberattack-caused injuries are actionable in negligence.” Drawing on the principles in the Third Restatement of Torts, he argues that “the injuries typically alleged in a cyberattack class action . . . [are] non-actionable in common-law negligence.” Accordingly, Professor Meal concludes that insofar as courts follow the Third Restatement of Torts, “in particular the series’ principles regarding actionable injury in common-law negligence, claims based on common-law negligence should, and will, cease to be viable in cyberattack class actions.”

As part of the CSU|LAW Center for Cybersecurity and Privacy Protection, three CSU law students — Kyndal N. Hutchison, Taneisha M. Fair, and Amanda Borngen — provided research assistance to Professor Meal for the article. Professor Meal teaches a course in Cybersecurity Litigation at CSU|LAW.