Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Privacy Litigation

Subscribe to Privacy Litigation RSS Feed

Home Depot Data Breach Litigation: Venue and Consolidation

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty Substantive litigation in the flood of lawsuits concerning the recent Home Depot data breach awaits a determination of where the cases will be heard.  Numerous overlapping lawsuits have been filed in courts throughout the United States asserting claims on behalf of consumers and financial institutions arising from the massive theft of… Continue Reading

Law360 Expert Analysis – D&O Liability

Posted in Cybersecurity, Privacy Litigation

Law360 has published expert analysis of the Palkon v. Holmes case and what it means for director liability in data breach-related cases, written by Mintz Levin’s David Barres (registration required).   D&O Liability For Data Breaches After Palkon V. Holmes A federal district court in New Jersey recently dismissed with prejudice a shareholder derivative suit, Palkon v…. Continue Reading

Court Dismisses Shareholder Derivative Action Targeting Directors and Officers for Data Breaches

Posted in Cybersecurity, Data Breach, Privacy Litigation

Written by David Barres A federal district court in New Jersey has dismissed with prejudice a shareholder derivative suit, Palkon v. Holmes, No. 14-CV-01234 (SRC) (D.N.J.), that tried to blame the directors and officers at hospitality company Wyndham Worldwide Corporation (“Wyndham”) for a series of data breaches. The court’s decision is notable because it illustrates some… Continue Reading

Cyber Liability Insurance: Where’s the Beef?

Posted in Cybersecurity, Insurance, Privacy Litigation

Written by Heidi Lawson, CPCU and Danny Harary  “Cyber liability insurance” is often used to describe a range of insurance policies, in the same way that the word cyber is used to describe a broad range of information security related tools, processes and services. Everyone is talking about the need for “stand alone” cyber liability… Continue Reading

Ninth Circuit Rules Marketing Consultant Can Be Held Vicariously Liable for Text Messages under TCPA

Posted in Class Action Litigation, Privacy Litigation

Written by Ernie Cooper  In a ruling issued late last week, the Ninth Circuit held that a marketing consultant that hired a firm to send text messages for a third party could also be held vicariously liable for violations of the Telephone Consumer Protection Act (TCPA).  The marketing consultant acknowledged that Federal Communications Commission orders… Continue Reading

Update on Google Unauthorized Children’s In-App Purchase Class Action: THE SHOW MUST GO ON!

Posted in Children, Class Action Litigation, Privacy Litigation

Written by Julia Siripurapu, CIPP U.S. District Court Judge Ronald M. Whyte has issued an order  granting in part and denying in part Google’s Motion to Dismiss the class action filed against the Company on ­March 7 in the U.S. District Court for the Northern District of California as a result of unauthorized children’s in-app purchases… Continue Reading

Backlash Over Facebook Timeline Experiment Serves as a Reminder: User Expectations Still Trump Fine Print

Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Jake Romero, CIPP If you are one of the approximately 1.3 billion people who use Facebook, you’ve likely experienced the phenomenon where a single event (like Luiz Suarez biting that Italian guy or pretty much anything involving TSA) manages to raise the ire of a large number of your Facebook friends, causing them… Continue Reading

Hulu Scores a Victory (at least temporarily) in Avoiding Class Certification

Posted in Class Action Litigation, Privacy Litigation

Written by Meredith Leary Another important decision has been rendered in the ongoing In re: Hulu Privacy Litigation saga pending in the United States District Court for the Northern District of California, this time denying – without prejudice – the proposed certification of a class of Hulu users pursuing claims involving Hulu’s allegedly wrongful disclosure of “cookies.” … Continue Reading

Wyndham Gets Life Preserver in Data Breach Case

Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation

Written by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases.  We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading

SCOTUS to Police on Cellphone Searches: “Get a warrant”

Posted in Privacy Litigation

Finding that cellphones contain the “privacies of life”, the U.S. Supreme Court issued a broad endorsement of cell phone privacy, unanimously holding that law enforcement may not search digital information seized from an arrestee’s person without first obtaining a warrant.  The high court was persuaded by the massive quantity of evidence, distinct types of information… Continue Reading

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence

Posted in Privacy Litigation

Written by Matthew D. Levitt Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence seized by the government without violating either the Fifth Amendment or Article Twelve… Continue Reading

“May I have your ZIP Code?” Retailers may want to read this….

Posted in Cyber Risks Boardroom Series, Insurance, Privacy Litigation

Written by Nancy Adams, CPCU There are only a handful of decisions addressing whether a commercial general liability (CGL) policy provides coverage for lawsuits brought against retailers allegedly collecting their customers’  ZIP code information.   Thus, when a decision is issued in this area, particularly a decision denying coverage, it is noteworthy. Recently, in OneBeacon American… Continue Reading

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

Posted in Data Breach, HIPAA/HITECH, Privacy Litigation

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

Cyber Risks for the Boardroom Part 5: Coverage for Privacy Violations

Posted in Cybersecurity, Insurance, Privacy Litigation

The last installment in our series – “Coverage for Privacy Violations” Written by Heidi Lawson and Danny Harary Part 5 of 5:  Coverage For Privacy Violations As we previously noted, recent SEC actions on the topic of cybersecurity indicates increased SEC focus and likely heralds the coming of enforcement actions against public companies for cyber… Continue Reading

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act.  The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and… Continue Reading

California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate Bill 383

Posted in Data Compliance & Security, Legislation, Privacy Litigation, Privacy Regulation

Written by Jake Romero The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases.  Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions… Continue Reading

On the 10th Day of Privacy, my employer gave to me …..

Posted in Employee Privacy, Privacy Litigation, Social Media

And, no — it was not a big fat bonus.    On this 10th Day of Privacy, we  look ahead at employment related privacy issues …. Written by Michael Arnold As use of social media and other technologies continue to raise serious employment-related privacy issues in the workplace, expect to see a flurry of activity… Continue Reading

On the Fifth Day of Privacy, the SEC Gave to Me…..

Posted in Cybersecurity, Data Breach, Privacy Litigation, Security

Sing it with me now….. FIVE GOLDEN RULES! Written by Adam Veness As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches.  As… Continue Reading

The Dark Cloud Over Nordstrom’s Black Friday: California Law May Prohibit Retailers from Collecting Email Addresses at Checkout

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero, CIPP/US This past weekend if you survived the towel aisle and other Black Friday dangers and made it to the register to purchase your items, it is possible you were asked to provide an email address so that your receipt could be emailed to you.  This type of request is the… Continue Reading

Google pays BIG to state Attorney Generals for Improper Consumer Tracking

Posted in Class Action Litigation, Data Compliance & Security, Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Julia Siripurapu Earlier this month, Google, Inc. (“Google” or “Company”) entered into an  agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of  the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”). Here’s what got the tech giant in trouble: Google… Continue Reading

Google Must Face Most Claims in Keyword Wiretap Class Action

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero If you were on Google’s home page yesterday at the office, you probably spent more time than you care to admit playing the “help the letter ‘g’ hit the piñata” game that Google created for its 15th birthday. For Google, that might be a welcome distraction from very bad news it received… Continue Reading

Your Face is for Sale! The 4 Most Interesting Things About the Proposed Update to Facebook’s Governing Documents

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero If you use Facebook (and you likely do, if only to play some game that apparently involves crushing large amounts of candy), then you received an email last week informing you that Facebook is proposing changes to its Data Use Policy and Statement of Rights and Responsibilities.  The proposed changes are… Continue Reading