Privacy has so far meant big business to law firms, with the Internet of Things (IoT) representing yet another potential driver for lawsuits, regulatory skirmishes and unfortunately, breach response work. But this may not extend to home security cameras.

While data leaks and other problems related to "smart home" security cameras have already made more than a few headlines, the struggles that would-be clients face in successfully proving damages in court might prohibit law firms or attorneys from seeing a significant boost in related work.

Earlier this month, Amazon's Ring security system was hit with a class action complaint by a Mississippi couple whose device was breached by a hacker and used to call their 8-year-old daughter racial slurs. Also attached to the suit was a Texas couple whose Ring-related hack allegedly involved the threat of "termination" unless they paid a 50 bitcoin ransom.

How successful those suits will be remains to be seen, but privacy-related actions against smart cameras in general could be a potentially dead-end road for plaintiffs that discourages future would-be law firm clients from initiating similar proceedings.

Per Christopher Ballod, a partner with Lewis Brisbois, the problem with suits directed at smart cameras or other IoT devices isn't the breach or causation piece of the puzzle, but rather successfully proving actual damages.

"What are the actual damages in an invasion of privacy case where somebody gets a hold of your Ring device and might say some terrible things so you take the battery out? What are your damages? That's hard to figure out what they are," Ballod said.

Elizabeth Harding, a shareholder at Polsinelli, echoed Ballod's sentiments regarding the difficulty of proving damages. However, even if civil or class actions are a long shot, commercial businesses still have to contend with the existence of smart cameras and other IoT technologies as they look to keep their enterprises up to date.

Harding gave the example of a smart apartment complex interested in leveraging IoT cameras on the premises. Much like in the case of the California Consumer Privacy Act, General Data Protection Regulation or other privacy laws, attorneys may be called upon to help plan for the worst.

"If there's a vulnerability in the security cameras, who is responsible for that? Is it [the apartment complex]? Is it the vendor? And how do they pass that liability down to the vendor?," Harding asked.

Also of some concern to organizations looking to deploy smart cameras or other IoT devices is the type of data being collected—or more specifically the inferences, that can be drawn from that data. In December, CyberScoop wrote about a Ring vulnerability that transmitted wi-fi usernames and passwords using an unencrypted HTTP format.

What that wide range of potential privacy implications necessitates for apartment complexes or other businesses looking to implement smart cameras is a sharper focus on transparency, and possibly some qualified legal help with the fine print.

"If I have a client like that, I'm going to be looking at their contract. I'm also going to be talking to them about, 'OK, what do you say in your privacy notices? How do you make sure that homeowners or tenants are aware of the type of information that's being collected?'" Harding said.