Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related...more
With the Illinois Supreme Court’s recent decision in Rosenbach v. Six Flags Entertainment Corp., the floodgates have opened for class actions in Illinois against businesses that collect biometric information from employees or...more
In the summer of 2017, a supermarket chain owned by Kroger was hit with a putative class-action lawsuit for allegedly violating a law protecting individuals’ biometric data and information. Originally published in Industry...more
Two significant decisions on the issue of standing to sue were handed down by the Illinois courts on January 25, 2019. Both of them offer significant assistance to the plaintiff’s class action bar by easing the requirements...more
The extent to which individuals may seek relief due to the unauthorized use of their personal information is an important issue in the privacy community. The Supreme Court of Illinois recently added its voice to this debate...more
Attention all who collect fingerprints and other biometric information of Illinois residents: a private right of action is now available for a mere technical violation of the Illinois Biometric Information Privacy Act...more
On January 25, 2019, the Illinois Supreme Court issued its long awaited opinion in Rosenbach v. Six Flags Entertainment Corp, ruling that the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) does not require an...more
On January 25, 2019, the Illinois State Supreme Court ruled that the state’s Biometric Information Privacy Act (BIPA) only requires individuals to show violation of the law to bring suit. Businesses with a presence in...more
In a much-anticipated ruling, the Illinois Supreme Court recently held that allegations of actual injury are not required to seek damages under Illinois’ Biometric Information Privacy Act (BIPA or the Act). The case is...more
On Friday, January 25, 2019, the Illinois Supreme Court sharpened the teeth of the Biometric Information Privacy Act (the “Act”). The Court ruled in favor of protecting the privacy of an individual’s biometric identifiers,...more
The Illinois Supreme Court issued its long-awaited ruling in Rosenbach and reversed the appellate court’s decision that technical violations of the Illinois Biometric Information Privacy Act (“BIPA” or “Act”) without “some...more
On January 25, 2019, the Illinois Supreme Court released a unanimous decision holding that individuals do not need to plead or prove actual damages or harm to maintain a private right of action under the Illinois Biometric...more
In a highly anticipated ruling, the Illinois Supreme Court on January 25, 2019, held that plaintiffs who violated the Illinois Biometric Information Privacy Act — which regulates the collection of biometric information such...more
There are three states with biometric privacy laws. Texas, which passed its law in 2009, and Washington, which passed its law in 2017, followed Illinois’ passage of its 2008 law, the Biometric Information Privacy Act (BIPA)...more
Many businesses collect and store biometric information for a myriad of reasons, including, for example, verifying the accuracy of time cards for employees of manufacturers and restaurants to ensure accurate payment of wages,...more
On January 25, 2019, in Rosenbach v. Six Flags Entm’t Corp., the Illinois Supreme Court held that an individual is an “aggrieved” party under the Illinois Biometric Information Privacy Act (“BIPA”) and may seek damages absent...more
On Friday, January 25, 2019, the Illinois Supreme Court issued its highly anticipated decision in Rosenbach v. Six Flags Entertainment Corp, et al., 2019 IL 123186 (Ill. Jan. 25, 2019). The Court concluded that a private...more
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
In this edition of our Privacy and Cybersecurity Update, we take a look at the Trump administration's executive order outlining its cybersecurity plans, Acting FTC Chairwoman Maureen Ohlhausen's comments on the possible...more
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The U.S. Court of Appeals for the Fourth Circuit has made it more difficult to establish Article III standing in data breach cases both at the pleading stage and at summary judgment by requiring plaintiffs to allege and show...more
In this edition of our Privacy & Cybersecurity Update, we discuss the revised Privacy Shield and what companies should be doing to prepare for the new program, the FTC's reinstatement of its LabMD case, the European...more
On November 18, 2015, the U.S. Court of Appeals for the 7th Circuit held that consumers who authorized defendants to share their personally-identifiable information (PII) with third parties were not injured when defendants...more
Dismissing a class action based on a data breach, the Southern District of Texas added to the growing number of decisions that find an alleged risk of future identity theft due to a data breach is not an injury that creates...more