Over the years, there have been very few class certification rulings in actions arising from data breach incidents. Of those that have been published, most have favored the defense....more
In this month's edition, we examine cybersecurity-related state Supreme Court rulings in Pennsylvania, Vermont and Illinois; the Department of Health and Human Services' cybersecurity guidelines for the health care industry;...more
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
It is the case that could define the scope of the U.S. Federal Trade Commission’s authority in data security. The U.S. Court of Appeals for the Eleventh Circuit heard argument six months ago in LabMD, Inc. v. Federal Trade...more
Recently, the United States Court of Appeals for the Eleventh Circuit, sitting in Miami, heard oral argument in the case of LabMD, Inc. v. Federal Trade Commission, No. 16-16270. ...more
Despite some courts’ evident confusion about the impact of payment card theft on consumer cardholders, other courts are getting it right. Just this week, a judge in the Northern District of Illinois issued an order dismissing...more
In this edition of our Privacy and Cybersecurity Update, we take a look at the Trump administration's executive order outlining its cybersecurity plans, Acting FTC Chairwoman Maureen Ohlhausen's comments on the possible...more
This same time last year, many in the business community were eagerly anticipating the U.S. Supreme Court’s ruling in Spokeo, Inc. v. Robins, which was to decide the standard that should be applied to determine whether...more
In January of this year, the Federal Trade Commission (FTC) brought suit against Taiwan-based D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc, in Los Angeles Federal Court, for failing to properly secure its consumer...more
In an April 13, 2017 decision in Walters v. Kimpton Hotel, a California federal judge rejected the bid of hotel chain Kimpton Hotel and Restaurant Group, LLC to dismiss a proposed class action arising from a data breach last...more
When data thieves steal payment card data, consumers suffer no legally cognizable injuries. Card issuers absorb the fraudulent charges and replace the affected cards. Because fraudulent charges are not billed to consumers,...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The U.S. Court of Appeals for the Fourth Circuit has made it more difficult to establish Article III standing in data breach cases both at the pleading stage and at summary judgment by requiring plaintiffs to allege and show...more
On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the...more
In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more
The lengthy saga between the Federal Trade Commission (FTC) and LabMD, Inc. reached another turning point on July 28, 2016. The FTC issued its unanimous Opinion in which it found that LabMD’s data security practices were...more
In this edition of our Privacy & Cybersecurity Update, we discuss the revised Privacy Shield and what companies should be doing to prepare for the new program, the FTC's reinstatement of its LabMD case, the European...more
Last week, three commissioners from the Federal Trade Commission (FTC) held in In the Matter of LabMD, Inc. that a company’s failure to implement reasonable security measures to protect sensitive consumer information on its...more
The Federal Trade Commission unanimously (3-0) ruled on July 29, 2016 that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act, reversing a decision of its Administrative Law Judge (ALJ). As we...more
On July 12, 2016, the United States District Court for the Eastern District of Missouri granted Scottrade’s motion to dismiss a putative class action complaint that was predicated on the alleged theft of personal information...more
One of the great scourges for retail companies in the digital age has been the ever-present threat of massive data breaches by hackers attempting to steal millions of consumers ’debit and credit card information. In...more
Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot. The...more
Last month, the Federal Trade Commission’s Chief Administrative Law Judge dismissed the Commission’s long-running data security case against LabMD because it failed to prove that there was an actual or reasonably imminent...more
Last Friday, Chief Administrative Law Judge D. Michael Chappell ruled that the FTC had failed to prove its case against LabMD and dismissed the FTC's Complaint. LabMD is one of only two companies (the other being Wyndham) to...more
Dismissing a class action based on a data breach, the Southern District of Texas added to the growing number of decisions that find an alleged risk of future identity theft due to a data breach is not an injury that creates...more