Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Litigation

Subscribe to Privacy Litigation RSS Feed

Precedent and the Price Explain Why Target and the Consumer Class Agreed to an Early Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Data Breach Notification, Privacy Litigation, Uncategorized

On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement.  The proposed settlement agreement creates a  $10 million cash fund to be paid out to class members claiming actual damages arising… Continue Reading

Target Data Breach Price Tag: $252 Million and Counting

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Privacy Litigation

In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million.  Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results.  The expenses incurred… Continue Reading

Register for our next Wednesday Webinar — February 25

Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social Media

Registration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series — This webinar,  scheduled for Wednesday, February 25,  will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss… Continue Reading

Consumer Claims Survive Motion to Dismiss in Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty A recent ruling by Federal District Judge Paul Magnuson will permit most of the consumer claims in the Target data breach litigation to survive Target’s motion to dismiss.  This most recent ruling follows on the heels of the court’s December 2 decision partially denying Target’s motion to dismiss consolidated complaint of… Continue Reading

On the Fourth Day of Privacy, My Insurance Carrier Gave to Me…..

Posted in Cyber Risks Boardroom Series, Cybersecurity, Insurance, Privacy Litigation

gaps in my cyber liability coverage…………….. Written by Heidi Lawson and Danny Harary What can companies and insurers expect in the new year when it comes to cyber liability insurance coverage?  While we wait for some court decisions interpreting these new stand-alone cyber liability insurance policies that are being heavily pushed in the market, there… Continue Reading

On the Second Day of Privacy, Plaintiffs’ Counsel Gave to Me . . .

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Privacy Litigation

  . . . still more privacy litigation.  In 2015, we are likely to see further development of the law in data breach class actions, continuing growth in statutory privacy claims, and increased risk of privacy-related claims arising from burgeoning merger and acquisition activity. Written by Kevin McGinty and Meredith Leary “Trying to predict the future is a… Continue Reading

Privacy Monday: December 8, 2104 – The Twelve Days of Privacy 2014

Posted in 12 Days of Privacy, Cybersecurity, Data Compliance & Security, EU Data Protection Regulation, Insurance, Legislation, Mobile Privacy, Privacy Litigation, Privacy Monday, Privacy Regulation, Uncategorized

Our series last year was a reader favorite, so we decided to put our prognosticator hats on again and present:   Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might… Continue Reading

Issuer Banks’ Claims in Target Data Breach Litigation Survive Motion to Dismiss

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin Mc Ginty Federal District Judge Paul Magnuson has ruled that banks that issued credit and debit cards to customers whose data was stolen in the December 2013 Target data breach could continue to litigate claims against Target for negligence and violation of Minnesota’s Plastic Security Card Act (“MPCSA”), Minn. Stat. § 325E.64.  The… Continue Reading

Home Depot Data Breach Litigation: Venue and Consolidation

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty Substantive litigation in the flood of lawsuits concerning the recent Home Depot data breach awaits a determination of where the cases will be heard.  Numerous overlapping lawsuits have been filed in courts throughout the United States asserting claims on behalf of consumers and financial institutions arising from the massive theft of… Continue Reading

Law360 Expert Analysis – D&O Liability

Posted in Cybersecurity, Privacy Litigation

Law360 has published expert analysis of the Palkon v. Holmes case and what it means for director liability in data breach-related cases, written by Mintz Levin’s David Barres (registration required).   D&O Liability For Data Breaches After Palkon V. Holmes A federal district court in New Jersey recently dismissed with prejudice a shareholder derivative suit, Palkon v…. Continue Reading

Court Dismisses Shareholder Derivative Action Targeting Directors and Officers for Data Breaches

Posted in Cybersecurity, Data Breach, Privacy Litigation

Written by David Barres A federal district court in New Jersey has dismissed with prejudice a shareholder derivative suit, Palkon v. Holmes, No. 14-CV-01234 (SRC) (D.N.J.), that tried to blame the directors and officers at hospitality company Wyndham Worldwide Corporation (“Wyndham”) for a series of data breaches. The court’s decision is notable because it illustrates some… Continue Reading

Cyber Liability Insurance: Where’s the Beef?

Posted in Cybersecurity, Insurance, Privacy Litigation

Written by Heidi Lawson, CPCU and Danny Harary  “Cyber liability insurance” is often used to describe a range of insurance policies, in the same way that the word cyber is used to describe a broad range of information security related tools, processes and services. Everyone is talking about the need for “stand alone” cyber liability… Continue Reading

Ninth Circuit Rules Marketing Consultant Can Be Held Vicariously Liable for Text Messages under TCPA

Posted in Class Action Litigation, Privacy Litigation

Written by Ernie Cooper  In a ruling issued late last week, the Ninth Circuit held that a marketing consultant that hired a firm to send text messages for a third party could also be held vicariously liable for violations of the Telephone Consumer Protection Act (TCPA).  The marketing consultant acknowledged that Federal Communications Commission orders… Continue Reading

Update on Google Unauthorized Children’s In-App Purchase Class Action: THE SHOW MUST GO ON!

Posted in Children, Class Action Litigation, Privacy Litigation

Written by Julia Siripurapu, CIPP U.S. District Court Judge Ronald M. Whyte has issued an order  granting in part and denying in part Google’s Motion to Dismiss the class action filed against the Company on ­March 7 in the U.S. District Court for the Northern District of California as a result of unauthorized children’s in-app purchases… Continue Reading

Backlash Over Facebook Timeline Experiment Serves as a Reminder: User Expectations Still Trump Fine Print

Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Jake Romero, CIPP If you are one of the approximately 1.3 billion people who use Facebook, you’ve likely experienced the phenomenon where a single event (like Luiz Suarez biting that Italian guy or pretty much anything involving TSA) manages to raise the ire of a large number of your Facebook friends, causing them… Continue Reading

Hulu Scores a Victory (at least temporarily) in Avoiding Class Certification

Posted in Class Action Litigation, Privacy Litigation

Written by Meredith Leary Another important decision has been rendered in the ongoing In re: Hulu Privacy Litigation saga pending in the United States District Court for the Northern District of California, this time denying – without prejudice – the proposed certification of a class of Hulu users pursuing claims involving Hulu’s allegedly wrongful disclosure of “cookies.” … Continue Reading

Wyndham Gets Life Preserver in Data Breach Case

Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation

Written by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases.  We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading

SCOTUS to Police on Cellphone Searches: “Get a warrant”

Posted in Privacy Litigation

Finding that cellphones contain the “privacies of life”, the U.S. Supreme Court issued a broad endorsement of cell phone privacy, unanimously holding that law enforcement may not search digital information seized from an arrestee’s person without first obtaining a warrant.  The high court was persuaded by the massive quantity of evidence, distinct types of information… Continue Reading

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence

Posted in Privacy Litigation

Written by Matthew D. Levitt Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence seized by the government without violating either the Fifth Amendment or Article Twelve… Continue Reading

“May I have your ZIP Code?” Retailers may want to read this….

Posted in Cyber Risks Boardroom Series, Insurance, Privacy Litigation

Written by Nancy Adams, CPCU There are only a handful of decisions addressing whether a commercial general liability (CGL) policy provides coverage for lawsuits brought against retailers allegedly collecting their customers’  ZIP code information.   Thus, when a decision is issued in this area, particularly a decision denying coverage, it is noteworthy. Recently, in OneBeacon American… Continue Reading

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

Posted in Data Breach, HIPAA/HITECH, Privacy Litigation

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading

Cyber Risks for the Boardroom Part 5: Coverage for Privacy Violations

Posted in Cybersecurity, Insurance, Privacy Litigation

The last installment in our series – “Coverage for Privacy Violations” Written by Heidi Lawson and Danny Harary Part 5 of 5:  Coverage For Privacy Violations As we previously noted, recent SEC actions on the topic of cybersecurity indicates increased SEC focus and likely heralds the coming of enforcement actions against public companies for cyber… Continue Reading

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act.  The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and… Continue Reading