Thomson Reuters Hit With Privacy Class Action in Michigan Over Display of Social Security Data on Research Platforms

The filing against Thomson Reuters arrives at a time when data‑privacy regulations are tightening across the United States. Michigan’s Personal Information Protection Act (PIPA) requires companies to safeguard any personal identifier that could be used for fraud, including partial Social Security numbers. By allegedly displaying five sequential digits on its CLEAR and Westlaw PeopleMap platforms, Thomson Reuters may have breached PIPA’s prohibition on public disclosure, exposing the firm to statutory damages, attorney fees, and injunctive relief. Legal‑tech providers, which aggregate vast amounts of client and public data, must now reassess how they redact and present identifiers to avoid similar exposure.

For the legal‑tech industry, the case serves as a cautionary tale about the balance between data accessibility and privacy compliance. Platforms like Westlaw PeopleMap are prized for their comprehensive profiles, yet the convenience of searchable identifiers can become a liability if not properly masked. Should the court grant class‑action certification, the resulting settlement could run into the millions, prompting firms to invest in more robust data‑masking algorithms, regular privacy audits, and staff training on state‑specific statutes. Moreover, the litigation may inspire other states to pursue similar actions, amplifying the risk for providers operating nationwide.

Beyond the immediate legal ramifications, the lawsuit may accelerate a shift toward privacy‑by‑design principles in the broader information‑services market. Companies are likely to adopt stricter controls, such as limiting SSN fragments to two digits or employing tokenization, to mitigate exposure. Investors and clients are increasingly demanding transparent privacy governance, making compliance a competitive differentiator. As regulators continue to scrutinize data‑handling practices, firms that proactively enhance their privacy frameworks will not only reduce litigation risk but also strengthen trust with users and partners.