Since its adoption in 2008, the Illinois Biometric Information Privacy Act, (“BIPA”), 740 ILCS 14/1, et seq., has imposed severe penalties—$1,000 per negligent violation and $5,000 per intentional or reckless violation—for...more
In the latest decision concerning standing in data breach cases, the Fourth Circuit has vacated a district court’s dismissal and reinstated putative class action data breach litigation against the National Board of Examiners...more
A circuit split on whether actual misuse of personal data is required to have standing to assert data breach claims remains unresolved. Last week the Supreme Court rejected a petition to review that issue in CareFirst v....more
3/1/2018
/ Article III ,
Cybersecurity ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Jurisdiction ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
This week’s disclosure that a 2013 data breach may have affected all 3 billion Yahoo accounts then in existence could alter the scope of the consolidated data breach cases currently pending against Yahoo in the federal court...more
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
4/24/2017
/ Actual Injuries ,
Corporate Counsel ,
Corporate Liability ,
Data Breach ,
Debit and Credit Card Transactions ,
Fraudulent Charges ,
Hotels ,
Identity Protection Services ,
Personally Identifiable Information ,
Popular ,
Standing
Dismissal Of Home Depot Derivative Action Extends Shareholder Losing Streak
An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30,...more
In its recent decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016). Co., No. 15-3386 (6th Cir. Sept. 12, 2016), a divided Sixth Circuit panel held that plaintiffs had standing to assert...more
9/16/2016
/ Appeals ,
Article III ,
Clapper v. Amnesty International ,
Corporate Counsel ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
Everyone loves a good courtroom drama. So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system. Once inside, they steal the most sensitive personal information of the...more
This Is The End? -
Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more
9/8/2015
/ Class Action ,
Class Certification ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Privacy Rights ,
Free Identity Theft Protection ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Settlement ,
Sony ,
Stipulations
Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach. Their July 1 motion for class certification has just been unsealed, allowing a glimpse at...more
8/26/2015
/ Class Action ,
Class Certification ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
MasterCard ,
Personally Identifiable Information ,
Settlement Agreements ,
Target ,
Visa Inc
By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc. Rather than reiterate the facts as currently known...more
2/11/2015
/ Anthem Blue Cross ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Health Insurance ,
Insurance Industry ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation
A recent ruling by Federal District Judge Paul Magnuson will permit most of the consumer claims in the Target data breach litigation to survive Target’s motion to dismiss. This most recent ruling follows on the heels of the...more
In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. ...more
We’ve sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment,...more