• by Wendy Davis  @wendyndavis, April 18, 2014

A federal judge has refused to dismiss a lawsuit accusing LinkedIn of failing to use encryption techniques to secure users' personally identifiable information.

The ruling, quietly issued late last month by U.S. District Court Judge Edward Davila in San Jose, Calif., means that Virginia resident Khalilah Wright can proceed with her potential class-action against the social networking service.

Wright's lawsuit stems from an incident in 2012, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Wright, who purchased a premium LinkedIn membership, alleges that she wouldn't have paid for the service if she had known the company used “obsolete” security measures.

Wright alleged that the company violated a California consumer protection law, on the grounds that its privacy policy gave users the impression that its security techniques would be more effective.

LinkedIn argued that the case should be dismissed on the grounds that Wright didn't experience a tangible injury as a result of the data breach.

But Davila ruled that Wright's allegations were sufficient to allow her to proceed. “She alleges that she purchased her premium subscription on the basis of LinkedIn’s statement that its users’ data will be secured with industry standards and technology, she alleges that the statement was false when she read and relied on it, and she alleges that she would not have made the purchase (or that she would have negotiated for a lower price) but for the misrepresentation,” Davila wrote. “Her injury ... is fairly traceable to LinkedIn’s conduct because LinkedIn made the misrepresentation.”

Even though the ruling paves the way for Wright to litigate the matter, she and LinkedIn appear to be taking steps to resolve the matter. This week, Davila signed an order sending the case to mediation, and gave Wright and LinkedIn up to 90 days to reach a settlement.