Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Litigation

Subscribe to Privacy Litigation RSS Feed

Early Settlement of the Home Depot Consumer Data Breach Claims – The Start of a Trend?

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot.  The cash and noncash terms of the proposed settlement are unexceptional.  What is unusual about this settlement is its… Continue Reading

Apple vs. FBI: The House Judiciary Committee Hearing and Takeaways

Posted in Cybersecurity, Mobile Privacy, Privacy Litigation, Privacy Regulation, Security, Uncategorized

Among the major headlines dominating not only the recent news cycle, but also this week’s RSA Conference in San Francisco, has been Apple’s challenge to the federal government’s request that Apple assist in unlocking the iPhone recovered from the perpetrators of the shootings in San Bernardino.  On March 1, 2016, the House Judiciary Committee held… Continue Reading

Massachusetts Court: Patients Have Standing to Sue for Data Breach Based on Data Exposure Alone

Posted in Class Action Litigation, Privacy Litigation, Uncategorized

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even… Continue Reading

Wyndham and FTC Settle Case Over “Unfair” Data Security Practices

Posted in Cybersecurity, Data Breach, Federal Trade Commission, Privacy Litigation, Security

The years-long saga of the Federal Trade Commission’s suit against Wyndham Hotels over data breaches that occurred at least as early as April 2008 is finally coming to an end with a proposed settlement filed today with the court.  The original complaint, which is summarized in this post from 2012, alleged that Wyndham’s claims to… Continue Reading

Happy Holidays: VTech data breach affects over 11 million parents and children worldwide

Posted in Children, Cybersecurity, Data Breach, Privacy Litigation

The recent data breach of Hong Kong-based electronic toy manufacturer VTech Holdings Limited (“VTech” or the “Company”) is making headlines around the world for good reason: it exposed sensitive personal information of over 11 million parents and children users of VTech’s Learning Lodge app store, Kid Connect network, and PlanetVTech in 16 countries! VTech’s Learning… Continue Reading

Target and Card Issuers Reach Final Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Two years after the massive holiday season theft of customers’ payment card data from Target point of sale terminals, the Target data breach litigation appears to be entering its final act.  On Tuesday, December 1, Target entered into a settlement agreement with a class of banks and financial institutions that issued the credit and debit… Continue Reading

Standing Issues Could Still Derail Google Cookie Placement Litigation

Posted in Class Action Litigation, Privacy Litigation

In a decision almost a year in the making, the Third Circuit’s recent opinion in In re Google Inc. Cookie Placement Privacy Litig. (3d Cir. Nov. 10, 2015),  (“Google”), reversed a trial court order dismissing a lawsuit alleging that Google and other internet advertising companies circumvented cookie-blocking technology in Safari and Internet Explorer web browsers. … Continue Reading

Data Breach Planning in 10 Easy Steps: How to Think Like A Litigator

Posted in Class Action Litigation, Data Compliance & Security, Events and Webinars, Privacy Litigation, Privacy Monday

For the first Monday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator. Fail to plan = plan to fail. Big problems first, small problems later (don’t let the perfect be the enemy of the good)…. Continue Reading

Wednesday Webinar: Tricks, But No Treats – A Halloween Visit to the Frightening World of Data Security Litigation

Posted in Class Action Litigation, Cybersecurity, Data Breach, Events and Webinars, Privacy Litigation, Security

To take a step back from our continuing analysis of the situation and developments in Europe,  there are other things going on in the privacy and data security world!   Our October Wednesday Webinar is coming up and we will take a walk on the wild side:  data security litigation.    Registration is open now! Read more –

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Identity Theft, Privacy Litigation

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves.  That very same day saw… Continue Reading

Sony: Stipulation Announces (but does not disclose) Employee Data Breach Class Settlement

Posted in Class Action Litigation, Data Breach, Employee Privacy, Identity Theft, Privacy Litigation

This Is The End? Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of… Continue Reading

Banks’ Class Certification Motion Trumpets Target Data Security Failings, Ignores Impact of Card Association Settlements

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach.  Their July 1 motion for class certification has just been unsealed, allowing a glimpse at plaintiffs’ version of the events during November and December 2013 that resulted in theft of payment card data for 40 million Target… Continue Reading

Privacy Monday – August 24, 2015 – Breaking News: FTC vs. Wyndham Update

Posted in Cybersecurity, Data Breach, Federal Trade Commission, Privacy Litigation, Privacy Monday

Rather than our usual Privacy Monday “bits and bytes,” we have a breaking story relating to the ongoing Wyndham/FTC saga. Today, Wyndham Worldwide Corp. lost a critical round in the Third Circuit.   Anticipated since April, 2014, the three-judge panel upheld U.S. District Judge Esther Salas’ ruling that the Federal Trade Commission (FTC) has the authority… Continue Reading

Breaking News: Target to Settle Data Breach Claims of Visa Card Issuers for $67 Million

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Target has announced that it has entered into a settlement with Visa to resolve claims of issuers of Visa credit and debit cards arising from Target’s November 2013 data breach.  The proposed settlement will pay issuers of Visa payment cards up to $67 million to reimburse losses associated with the theft of card numbers from… Continue Reading

Neiman Marcus Chides Seventh Circuit Panel

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Neiman Marcus Petition Claims that Seventh Circuit Decision Invents Harm to Find Standing to Bring Data Breach Claims Retailer Neiman Marcus has filed a petition seeking en banc review by the entire Seventh Circuit of the decision by a three-judge panel of that court in Remijas v. Neiman Marcus Group, LLC reversing dismissal of consumer data… Continue Reading

Change in the Prevailing Winds in Consumer Data Breach Cases?

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer payment card data breach claims for lack of standing.  The appellate panel held that injuries consisting of 1) lost time and money resolving… Continue Reading

Home Depot Moves to Dismiss Bank Data Breach Claims on Standing and Ripeness Grounds

Posted in Class Action Litigation, Data Breach, Privacy Litigation

In its recently-filed motion to dismiss claims of card-issuing banks arising from the September 2014 theft of payment card data from Home Depot point of sale terminals, Home Depot employs an approach typically used to respond to consumer claims.  In payment card data breach cases, defendants typically argue that consumers lack standing to sue because card… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers.  OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

Home Depot Moves to Dismiss Consumer Data Breach Claims for Lack of Standing

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Home Depot has staked its defense of consumer claims arising from the 2014 theft of payment card data from the home improvement retailer on the asserted absence of injuries sufficient to confer standing to sue.  Because consumers rarely sustain out-of-pocket losses when their payment card numbers are stolen, lack of standing is typically the primary… Continue Reading

Privacy Monday – June 1, 2015 – Courts Affirm Insurers’ Denial of Coverage for Electronic Data Claims  

Posted in Cybersecurity, Insurance, Privacy Litigation, Privacy Monday

Happy June – the first day of meteorological summer! In the last month, both a federal and state court denied coverage for claims relating to an insured’s handling of electronic data.  In the first case, a federal court held that there was no coverage under a cyber insurance policy for a claim alleging that the… Continue Reading

Failure to Obtain Required Retailer Approval Scuttles Target-MasterCard Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Target’s attempt to resolve claims of MasterCard-issuing banks through a $19 million private settlement with MasterCard has been terminated for failure of issuers of 90% of the affected cards to accept the settlement by the Wednesday, May 20 acceptance deadline.  Press reports on Friday, May 22 indicated that both Target and MasterCard had confirmed that… Continue Reading

CNA Denies Cyber Insurance Claim

Posted in Cybersecurity, Data Breach, Insurance, Privacy Litigation

Key takeaway:   The insurance applications and underwriting questionnaires prepared in connection with cyber insurance do matter. Cyber security, and cyber insurance, have dominated the industry headlines for several years now, but even as companies, brokers and insurers work to develop these products, there has been a dearth of case law interpreting key provisions.  This is beginning to change… Continue Reading

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Security

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response.  The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches.   The guidance is not perfect, and in some respects is simply a recitation of existing best practices, but it is still valuable because… Continue Reading

Target and Card Issuers Dispute Use of MasterCard Settlement to Resolve Data Breach Claims

Posted in Class Action Litigation, Cybersecurity, Data Breach, Privacy Litigation

In the wake of Target’s April 15 announcement of a private $19 million settlement of the data breach claims of MasterCard-issuing banks, counsel representing the putative card issuer class in the consolidated Target data breach litigation moved to enjoin the proposed settlement, arguing that it is an improper end-run around the Minnesota federal court’s adjudication… Continue Reading