Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Category Archives: Privacy Litigation

Subscribe to Privacy Litigation RSS Feed

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act.  The banks allege that there was a violation of the statute’s prohibition on retaining PIN, security code and… Continue Reading

California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate Bill 383

Posted in Data Compliance & Security, Legislation, Privacy Litigation, Privacy Regulation

Written by Jake Romero The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases.  Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions… Continue Reading

On the 10th Day of Privacy, my employer gave to me …..

Posted in Employee Privacy, Privacy Litigation, Social Media

And, no — it was not a big fat bonus.    On this 10th Day of Privacy, we  look ahead at employment related privacy issues …. Written by Michael Arnold As use of social media and other technologies continue to raise serious employment-related privacy issues in the workplace, expect to see a flurry of activity… Continue Reading

On the Fifth Day of Privacy, the SEC Gave to Me…..

Posted in Cybersecurity, Data Breach, Privacy Litigation, Security

Sing it with me now….. FIVE GOLDEN RULES! Written by Adam Veness As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches.  As… Continue Reading

The Dark Cloud Over Nordstrom’s Black Friday: California Law May Prohibit Retailers from Collecting Email Addresses at Checkout

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero, CIPP/US This past weekend if you survived the towel aisle and other Black Friday dangers and made it to the register to purchase your items, it is possible you were asked to provide an email address so that your receipt could be emailed to you.  This type of request is the… Continue Reading

Google pays BIG to state Attorney Generals for Improper Consumer Tracking

Posted in Class Action Litigation, Data Compliance & Security, Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Julia Siripurapu Earlier this month, Google, Inc. (“Google” or “Company”) entered into an  agreement with the Attorney Generals of 37 states and the District of Columbia, settling allegations of violation of  the participating states’ consumer protection or applicable computer abuse statutes (the “Settlement Agreement”). Here’s what got the tech giant in trouble: Google… Continue Reading

Google Must Face Most Claims in Keyword Wiretap Class Action

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero If you were on Google’s home page yesterday at the office, you probably spent more time than you care to admit playing the “help the letter ‘g’ hit the piñata” game that Google created for its 15th birthday. For Google, that might be a welcome distraction from very bad news it received… Continue Reading

Your Face is for Sale! The 4 Most Interesting Things About the Proposed Update to Facebook’s Governing Documents

Posted in Class Action Litigation, Privacy Litigation

Written by Jake Romero If you use Facebook (and you likely do, if only to play some game that apparently involves crushing large amounts of candy), then you received an email last week informing you that Facebook is proposing changes to its Data Use Policy and Statement of Rights and Responsibilities.  The proposed changes are… Continue Reading

BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security

If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors.   It’s no longer just the purview of a company’s IT or compliance personnel.  Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading

Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million HIPAA settlement

Posted in Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation

Written by Kevin McGinty We’ve sounded warnings about the lowly copy machine before (here  and here).  The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops.  Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.  Affinity Health Plan, a New York-based managed care company,… Continue Reading

New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests

Posted in Data Compliance & Security, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data.  While we are waiting with bated breath for a final… Continue Reading

Huge FCRA Verdict Against Equifax Shows Potential Costs of Failing to Protect and Correct Consumer’s Credit History

Posted in Federal Trade Commission, Privacy Litigation

Written by Kevin McGinty Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c).  The plaintiff, Julie Miller, discovered problems with her… Continue Reading

FTC v. Wyndham: Wyndham Calls for Back-Up

Posted in Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Adam Veness It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case.  A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s… Continue Reading

NJ Attorney General Settles with PulsePoint for $1 Million

Posted in Mobile Privacy, Privacy Litigation

Written by Amy Malone Digital marketing company, PulsePoint  entered into a Consent Order with the New Jersey Attorney General and agreed to pay $1 million, following an investigation of claims that PulsePoint bypassed privacy setting of Apple’s Safari browser to allow tracking of consumer activity. Last year, Google settled similar claims with the Federal Trade… Continue Reading

Avoid an International Conflict of Laws: Court-Ordered Customer Consent

Posted in Privacy Litigation

Cross-border discovery issues and competing data privacy laws are some of the most vexing issues in international litigation, particularly when bank secrecy laws are implicated.   Mintz Levin partner David Barres addresses the discovery of information shielded by foreign bank-secrecy law – specifically, situations where a bank faces conflicting obligations under US law (requiring disclosure of bank… Continue Reading

Seventh Circuit Declines to Review Class Certification Order in Enormous Computer Privacy Class Action

Posted in Class Action Litigation, Privacy Litigation

Written by Kevin McGinty and Evan Nadel In its recent decision in Harris v. comScore, Inc., the Seventh Circuit declined to review a trial court order certifying a plaintiff class consisting of hundreds of thousands of computer owners who downloaded software that permitted comScore, Inc. to track internet traffic and usage.  The comScore software was… Continue Reading

Delta Finds Reprieve in State Court, but Not Everyone Will Get to Fly the Friendly Skies

Posted in Data Compliance & Security, Mobile Privacy, Privacy Litigation, Privacy Regulation

By Cynthia Larose, Evan Nadel, and Jake Romero California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris. The development comes as an unexpected… Continue Reading

Yet Another Zip Code Class Action Filed in Massachusetts

Posted in Class Action Litigation, Privacy Litigation

Written by Amy Malone Earlier this month, we reported on the privacy case against craft giant Michaels Stores (see our blog post here, as well as our client alert here) in which the plaintiff alleged that Michaels illegally collected zip codes during credit card transactions. The case was ultimately dismissed by the federal district court,… Continue Reading

Hannaford Data Breach Class Action Certification: Denied

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty Damages issues continue to bedevil would-be data breach class action plaintiffs.  A long and growing line of cases holds that consumers cannot maintain claims arising from theft of their personal or financial data without alleging that the theft resulted in financial injury.  One notable exception to this trend was the First… Continue Reading

Zip Code as Personal Information: The Massachusetts Round 2

Posted in Class Action Litigation, Data Compliance & Security, Privacy Litigation

Yesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93.  The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January.  This ruling echoes California’s 2011 decision that the Song-Beverly… Continue Reading

Activity at the Federal Trade Commission

Posted in Federal Trade Commission, Privacy Litigation, Privacy Regulation

Written by Amy Malone There is much going on at the Federal Trade Commission (FTC)  these days, particularly in the privacy arena.  In addition to the settlements discussed below, today the White House confirmed that President Obama will nominate Edith Ramirez as Chair of the FTC, replacing outgoing Chairman Jon Leibowitz. Path Settlement: Path, a… Continue Reading

#3 in our 2013 Issues Series: Privacy of Mobile Applications

Posted in Data Compliance & Security, Privacy Litigation, Privacy Regulation

As we continue our “new year, new look” series into important privacy issues for 2013, we boldly predict: Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013 Mobile apps are becoming a ubiquitous part of the everyday technology experience.  But, consumer apprehension over data collection and their personal privacy… Continue Reading