Indiana Law Journal

Document Type


Publication Date


Publication Citation

91 Indiana Law Journal 143 (2015)


The breach of payment card systems at the Home Depot in 2014 resulted in the theft of a wealth of information. This Note will examine the facts and legal consequences of the Home Depot breach under three separate frameworks. First, this Note will examine the Home Depot’s responsibilities arising under existing data breach notification statutes. Second, this Note examines the Home Depot’s potential liability if the recent bill introduced by Senator Leahy of Vermont proposing a federal data breach notification framework becomes law; ultimately, however, this Note finds that state notification statutes fail to adequately protect consumers, and Senator Leahy’s bill, while better suited than existing state notification statutes, is unlikely to be effective. Lastly, this Note examines the Home Depot’s potential liability if the Federal Trade Commission (FTC) were to adopt a penalty structure similar to those in the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) and concludes that a data protection model that imposes similar kinds of penalties for companies that suffer breaches of sensitive consumer data would better serve the public interest.


Note: This Early Winter issue replaces the normal Fall issue of the Indiana Law Journal.