As previously noted in this blog, the Neiman Marcus payment card data theft class action reflects a lenient approach to the issue of standing in data breach cases. In that case, the Seventh Circuit rejected arguments that...more
In the latest decision concerning standing in data breach cases, the Fourth Circuit has vacated a district court’s dismissal and reinstated putative class action data breach litigation against the National Board of Examiners...more
A circuit split on whether actual misuse of personal data is required to have standing to assert data breach claims remains unresolved. Last week the Supreme Court rejected a petition to review that issue in CareFirst v....more
3/1/2018
/ Article III ,
Cybersecurity ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Jurisdiction ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
Despite some courts’ evident confusion about the impact of payment card theft on consumer cardholders, other courts are getting it right. Just this week, a judge in the Northern District of Illinois issued an order dismissing...more
6/16/2017
/ Actual Injuries ,
Amended Complaints ,
Banks ,
Barnes and Noble ,
Credit Cards ,
Credit Monitoring ,
Data Breach ,
Debit Cards ,
Dismissals ,
Fraudulent Charges ,
Standing ,
Theft
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
4/24/2017
/ Actual Injuries ,
Corporate Counsel ,
Corporate Liability ,
Data Breach ,
Debit and Credit Card Transactions ,
Fraudulent Charges ,
Hotels ,
Identity Protection Services ,
Personally Identifiable Information ,
Popular ,
Standing
When hackers steal consumer data, injury to consumers is not a foregone conclusion. This is particularly so where credit and debit card numbers are stolen. Banks, not consumers, bear the cost of fraudulent charges. ...more
In the wake of the Supreme Court’s decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), lower courts have begun to address whether alleged violations of statutes intended to protect privacy suffice, in the absence of...more
10/3/2016
/ Article III ,
CIPA ,
Corporate Counsel ,
Electronic Communications ,
Email ,
Google ,
Invasion of Privacy ,
Screening Procedures ,
Spokeo ,
Spokeo v Robins ,
Standing ,
Wiretap Act
In its recent decision in Galaria v. Nationwide Mut. Ins. Co., no. 15-3386 (6th Cir. Sept. 12, 2016). Co., No. 15-3386 (6th Cir. Sept. 12, 2016), a divided Sixth Circuit panel held that plaintiffs had standing to assert...more
9/16/2016
/ Appeals ,
Article III ,
Clapper v. Amnesty International ,
Corporate Counsel ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Spokeo v Robins ,
Standing
In an important victory for employers, the Supreme Court in Spokeo, Inc. v. Robins held that a plaintiff does not have Article III standing to sue in federal court under the Fair Credit Reporting Act (FCRA) and other federal...more
6/3/2016
/ Article III ,
Background Checks ,
Class Action ,
Fair Credit Reporting Act (FCRA) ,
Hiring & Firing ,
Injury-in-Fact ,
Job Applicants ,
SCOTUS ,
Spokeo ,
Spokeo v Robins ,
Standing ,
Statutory Damages
Court holds that plaintiff must allege a concrete injury to have standing to sue for a statutory violation; remands for further proceedings -
In its just-issued decision in Spokeo, Inc. v. Robins, No. 13-1339, slip op....more
Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot. The...more
A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff...more
In a decision almost a year in the making, the Third Circuit’s recent opinion in In re Google Inc. Cookie Placement Privacy Litig. (3d Cir. Nov. 10, 2015), (“Google”), reversed a trial court order dismissing a lawsuit...more
Neiman Marcus Petition Claims that Seventh Circuit Decision Invents Harm to Find Standing to Bring Data Breach Claims -
Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of...more
Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case -
In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer...more
7/22/2015
/ Appeals ,
Article III ,
Clapper v. Amnesty International ,
Class Action ,
Data Breach ,
Debit and Credit Card Transactions ,
Imminent Harm ,
Neiman Marcus ,
Retailers ,
Spokeo v Robins ,
Standing
In its recently-filed motion to dismiss claims of card-issuing banks arising from the September 2014 theft of payment card data from Home Depot point of sale terminals, Home Depot employs an approach typically used to respond...more
Home Depot has staked its defense of consumer claims arising from the 2014 theft of payment card data from the home improvement retailer on the asserted absence of injuries sufficient to confer standing to sue. Because...more
6/4/2015
/ Article III ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Home Depot ,
Jurisdiction ,
Popular ,
Standing ,
Target
A recent ruling by Federal District Judge Paul Magnuson will permit most of the consumer claims in the Target data breach litigation to survive Target’s motion to dismiss. This most recent ruling follows on the heels of the...more
In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. ...more