No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
#Risk New York Speaker Series – Bridging the Gap: Effective Risk Communication in Compliance with Rob Clark, Jr.
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Rethinking Records Retention
#Risk New York Speaker Series: The Future of AI Governance in GRC with Matt Kelly
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
When a court begins its order denying class certification by lamenting the “failure to properly vet named plaintiffs” and “seeming unwillingness to promptly address issues that arise during litigation with named plaintiffs”...more
In a significant decision for privacy class action litigation, a federal judge in California recently denied the certification of a proposed class action involving claims under the state’s invasion of privacy law. The May 29...more
On January 31, 2025, in Campos v. TJX Companies, Inc., No. 24-cv-11067, the District of Massachusetts granted a motion to dismiss a class action due to the plaintiff’s lack of standing. The court concluded that the named...more
Courts across the country are becoming skeptical of data breach and web tracking claims that assert theoretical privacy violations without alleging any actual injury to the plaintiffs. Recent decisions underscore that courts...more
In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of...more
On February 10, 2025, the first class action complaint was filed pursuant to Washington’s MY Health MY Data Act (“MHMDA”), Wash. Rev. Code Ann. § 19.373.005 et seq. See Maxwell v. Amazon.com, Inc. et al., Case No. 2:25-cv-261...more
The deluge of lawsuits and demand letters under the California Invasion of Privacy Act (CIPA) has prompted courts to scrutinize CIPA claims more rigorously, including the threshold question of whether CIPA plaintiffs have...more
On Jan. 24, the Illinois Supreme Court, in Petta v. Christie Business Holdings Company, PC, affirmed the dismissal of a putative class action following an alleged data breach because the named plaintiff failed to allege any...more
On January 24, 2025, the Illinois Supreme Court ruled in Petta v. Christie Business Holding Co., P.C., 2025 IL 130337, that a patient who alleged an increased risk of harm arising from a data breach at a medical clinic did...more
Class actions arising from data breach represented the fastest growing segment of class action filings. In 2023, more than 2000 class actions were filed, more than triple the amount filed in 2022. These cases were filed in...more
Data breaches have become a serious issue for businesses, leading to numerous putative class action lawsuits alleging that the defendants failed to prevent the unauthorized disclosure of personally identifiable information or...more
The following is a review of notable cases and regulatory developments for nonprofit organizations at the federal and state levels during the last two years....more
The Western District of Pennsylvania recently granted Spirit Airlines, Inc. (“Spirit Airlines”)’s Rule 12(b)(1) motion to dismiss a class action brought by a putative class of plaintiffs who visited Spirit Airlines’ website...more
The modern “Information Age” has been defined by rapidly increasing interconnectivity and dependence on the internet by consumers and businesses alike. One side effect of these technological advances has been the increasing...more
On February 21, the U.S. Court of Appeals for the Fourth Circuit held that a proposed class action over website login procedures belongs in state court. Plaintiff alleged that after a nonparty credit reporting agency...more
Biometric data continues to take up a massive amount of space in the digital universe. Fingerprints, facial scans, and voice recognition are staples of modern devices and are regularly integrated into business models....more
On October 18, 2022, in Webb v. Injured Workers Pharmacy, LLC, the District of Massachusetts dismissed a class action complaint brought by former pharmacy patients alleging that their sensitive personal information had been...more
On October 5, 2022, in Laufer v. Acheson Hotels LLC, the U.S Court of Appeals for the First Circuit reversed a lower court’s dismissal of a suit against Acheson Hotels, LLC, which operates an inn on Maine’s southern coast....more
Second Circuit Denies Settlement of Data Breach Case Due to Lack of Standing - As we previously reported, in April 2021, the Second Circuit became the latest federal circuit to hold that an individual may establish Article...more
With all the focus on data privacy, it is no surprise that courts are weighing in on this topic so that consumers can have more guidance about their legal options and organizations can tailor their breach response plans. On...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
Takeaway: In Tsao v. Captiva MVP Restaurant Partners, LLC, 986 F.3d 1332, 1339 (11th Cir. 2021), the Eleventh Circuit held that evidence of a “mere data breach” is not sufficient to establish standing where the hackers...more
The question of standing has proven to be a tricky one in data breach litigation. Last week a federal district court in Maryland rejected a proposed class action brought by Marriott guests related to a data breach suffered by...more
On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split. The case,...more
Takeaway: As Judge Diane Wood of the Seventh Circuit recently observed in a putative class action alleging violations of Illinois’s Biometric Information Privacy Act (BIPA), “allegations matter” and “a plaintiff is the...more