This is the digital age. As “the ratings machine, DJT [Donald J. Trump],” says, “all I know is what’s on the internet,” or “the cyber,” as he calls it. People’s use of and dependency on the Internet has made data breaches a serious and widespread threat to people’s privacy and security. In 2016, there were 1,093 data breaches, up from 780 in 2015. 75.6% of companies suffered at least one successful attack. Essentially “there are only two types of companies left in the United States, according to data security experts: ‘those that have been hacked and those that don’t know they’ve been hacked.’”

Major companies such as LinkedIn, Target, Ebay, Yahoo, Anthem, and Ashley Madison have been subject to data breaches, and subsequently to lawsuits. Not only can data breaches threaten people’s financial security, but breaches like Ashley Madison’s—a dating site whose slogan up until July 2016 was “Life is Short. Have an Affair”—can threaten people’s home lives and shatter careers. The government is not immune to dangerous cyber attacks either. Both the U.S. Office of Personnel Management and the Democratic National Committee (“DNC”) have suffered breaches. Presidential candidate Hillary Clinton’s e-mails were leaked as part of the DNC breach, which became a source of controversy throughout her campaign. Further, the U.S. intelligence community has concluded that the hack was tied to and possibly directed by the Russian government, which sets a troubling precedent for future hacks by hostile foreign governments.

Plaintiffs whose information has been exposed due to a company data breach have attempted to sue the hacked companies storing their information based on causes of action such as negligence, breach of contract, unjust enrichment, breach of fiduciary duty, unfair and deceptive business practices, invasion of privacy, violation of the federal Fair Credit Reporting Act (“FCRA”), and violations of various state consumer protection and data breach notification laws.

This Article provides that correction. First, it develops an original typology of legislative injury, detailing all the varieties of “injury” that might afflict legislators, legislatures, and other legislative litigants, and illustrating each with examples from past legislative standing cases. Second, it articulates a method for determining which legislative injuries may be asserted by individual legislators, and which require the participation of a full chamber, or both chambers acting bicamerally. Finally, it illustrates this model by applying it to the Court’s recent forays into legislative standing and the pending ACA litigation.