One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been...more
In the complex and rapidly evolving landscape of data breach litigation, the First Circuit’s recent case of Webb v. Injured Workers Pharmacy, LLC stands as a significant milestone, and it offers a wealth of insights for...more
The United States Court of Appeals for the Third Circuit recently held that a plaintiff had standing to sue her former employer for a data breach that exposed her personal information to the “Dark Web” because she...more
The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach...more
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an...more
The 11th Circuit recently weighed in on the hottest issue is data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Joining several other circuit courts, the 11th Circuit in Tsao...more
Report on Patient Privacy 20, no. 2 (February 2020) - A ruling from Georgia’s highest state court could set a precedent that determines recourse for victims of cyberattacks. The Georgia Supreme Court ruled in late December...more
On June 21, 2019, the D.C. Circuit split with several other circuits in holding that alleging a heightened risk of identity theft following a data breach is enough to establish standing at the pleadings stage....more
The D.C. Circuit Court of Appeals recently reaffirmed its position that a plaintiff can establish Article III standing (federal court subject matter jurisdiction) based solely on the risk of potential future harm following a...more
Pursuing negligence claims in the Eighth Circuit following a data breach just got harder. On May 31, 2019, the U.S. Court of Appeals for the Eighth Circuit again dismissed the data breach claims in In re SuperValu, Inc....more
Following the Supreme Court’s ruling in Spokeo v. Robins, which held that federal plaintiffs alleging a statutory violation must have suffered a real, concrete injury in order to have Article III standing, many defendants...more
We previously reported on the developing circuit split over Article III standing in data breach class action cases. In August, the D.C. Circuit Court joined the Sixth, Seventh, and Ninth Circuits in finding that the...more
In this edition of our Privacy and Cybersecurity Update, we take a look at the Trump administration's executive order outlining its cybersecurity plans, Acting FTC Chairwoman Maureen Ohlhausen's comments on the possible...more
The U.S. Court of Appeals for the Fourth Circuit has made it more difficult to establish Article III standing in data breach cases both at the pleading stage and at summary judgment by requiring plaintiffs to allege and show...more
In this edition of our Privacy & Cybersecurity Update, we examine changes to EU privacy and data protection laws, new state laws addressing data breach notifications, Congress' review of cyber insurance, and recent court...more
The arts and crafts retail chain Michael Stores Inc. (“Michaels”) received a late holiday gift in the form of a dismissal of a data breach class action lawsuit. On December 28, 2015, the U.S. District Court for the Eastern...more
In the wake of numerous data breach cases dismissed for lack of Article III standing based on the Supreme Court’s decision in Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1147 (2013), the Seventh Circuit Court of Appeals...more