Written by Jake Romero If you use Facebook (and you likely do, if only to play some game that apparently involves crushing large amounts of candy), then you received an email last week informing you that Facebook is proposing changes to its Data Use Policy and Statement of Rights and Responsibilities. The proposed changes are… Continue Reading
Privacy Litigation
Subscribe to Privacy Litigation RSS FeedBOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, SecurityIf you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors. It’s no longer just the purview of a company’s IT or compliance personnel. Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading
Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million HIPAA settlement
Posted in Data Breach, Data Compliance & Security, Privacy Litigation, Privacy RegulationWritten by Kevin McGinty We’ve sounded warnings about the lowly copy machine before (here and here). The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data. Affinity Health Plan, a New York-based managed care company,… Continue Reading
New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests
Posted in Data Compliance & Security, European Union, Legislation, Privacy Litigation, Privacy RegulationWritten by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON) The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data. While we are waiting with bated breath for a final… Continue Reading
Huge FCRA Verdict Against Equifax Shows Potential Costs of Failing to Protect and Correct Consumer’s Credit History
Posted in Federal Trade Commission, Privacy LitigationWritten by Kevin McGinty Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c). The plaintiff, Julie Miller, discovered problems with her… Continue Reading
FTC v. Wyndham: Wyndham Calls for Back-Up
Posted in Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy RegulationWritten by Adam Veness It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case. A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s… Continue Reading
NJ Attorney General Settles with PulsePoint for $1 Million
Posted in Mobile Privacy, Privacy LitigationWritten by Amy Malone Digital marketing company, PulsePoint entered into a Consent Order with the New Jersey Attorney General and agreed to pay $1 million, following an investigation of claims that PulsePoint bypassed privacy setting of Apple’s Safari browser to allow tracking of consumer activity. Last year, Google settled similar claims with the Federal Trade… Continue Reading
Avoid an International Conflict of Laws: Court-Ordered Customer Consent
Posted in Privacy LitigationCross-border discovery issues and competing data privacy laws are some of the most vexing issues in international litigation, particularly when bank secrecy laws are implicated. Mintz Levin partner David Barres addresses the discovery of information shielded by foreign bank-secrecy law – specifically, situations where a bank faces conflicting obligations under US law (requiring disclosure of bank… Continue Reading
Seventh Circuit Declines to Review Class Certification Order in Enormous Computer Privacy Class Action
Posted in Class Action Litigation, Privacy LitigationWritten by Kevin McGinty and Evan Nadel In its recent decision in Harris v. comScore, Inc., the Seventh Circuit declined to review a trial court order certifying a plaintiff class consisting of hundreds of thousands of computer owners who downloaded software that permitted comScore, Inc. to track internet traffic and usage. The comScore software was… Continue Reading
Delta Finds Reprieve in State Court, but Not Everyone Will Get to Fly the Friendly Skies
Posted in Data Compliance & Security, Mobile Privacy, Privacy Litigation, Privacy RegulationBy Cynthia Larose, Evan Nadel, and Jake Romero California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines, Inc. won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris. The development comes as an unexpected… Continue Reading
Yet Another Zip Code Class Action Filed in Massachusetts
Posted in Class Action Litigation, Privacy LitigationWritten by Amy Malone Earlier this month, we reported on the privacy case against craft giant Michaels Stores (see our blog post here, as well as our client alert here) in which the plaintiff alleged that Michaels illegally collected zip codes during credit card transactions. The case was ultimately dismissed by the federal district court,… Continue Reading
Hannaford Data Breach Class Action Certification: Denied
Posted in Class Action Litigation, Data Breach, Privacy LitigationWritten by Kevin McGinty Damages issues continue to bedevil would-be data breach class action plaintiffs. A long and growing line of cases holds that consumers cannot maintain claims arising from theft of their personal or financial data without alleging that the theft resulted in financial injury. One notable exception to this trend was the First… Continue Reading
Google: Better to Seek Forgiveness Than Permission?
Posted in Class Action Litigation, Privacy LitigationWritten by Amy Malone For years, Google has been blazing trails in the technology world and along the way they have been caught in a few snares. The latest entanglement wrapped up this week as the company settled a two-year investigation led by an executive committee that represents 38 states and the District of Columbia… Continue Reading
Zip Code as Personal Information: The Massachusetts Round 2
Posted in Class Action Litigation, Data Compliance & Security, Privacy LitigationYesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93. The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January. This ruling echoes California’s 2011 decision that the Song-Beverly… Continue Reading
Activity at the Federal Trade Commission
Posted in Federal Trade Commission, Privacy Litigation, Privacy RegulationWritten by Amy Malone There is much going on at the Federal Trade Commission (FTC) these days, particularly in the privacy arena. In addition to the settlements discussed below, today the White House confirmed that President Obama will nominate Edith Ramirez as Chair of the FTC, replacing outgoing Chairman Jon Leibowitz. Path Settlement: Path, a… Continue Reading
#3 in our 2013 Issues Series: Privacy of Mobile Applications
Posted in Data Compliance & Security, Privacy Litigation, Privacy RegulationAs we continue our “new year, new look” series into important privacy issues for 2013, we boldly predict: Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013 Mobile apps are becoming a ubiquitous part of the everyday technology experience. But, consumer apprehension over data collection and their personal privacy… Continue Reading
“Fly Delta” May Get Grounded by California Attorney General
Posted in Class Action Litigation, Privacy Litigation, Privacy RegulationWritten by Evan Nadel and Jake Romero Delta Airlines, Inc. may have to pay fines equal to 20 “excess bag” fees for each user that has downloaded its “Fly Delta” mobile application. California Attorney General Kamala Harris has filed a complaint against Delta, alleging that Delta has failed to conspicuously post a privacy policy on… Continue Reading
The Tale of Two Banks: Final Settlement in Maine Bank Security Practices Case and a Failure of Bank Security Procedures in Florida
Posted in Identity Theft, Privacy LitigationIn a case that we have written about here and here, People’s United Bank of Maine has agreed to pay about $ 390,000 to settle a claim that its security practices allowed unauthorized persons to withdraw funds from a construction company’s account (Patco Construction Co. v. People’s United Bank, D. Me., No. 09-503, agreed dismissal filed 11/19/12)…. Continue Reading
The FTC Fires Back Against Wyndham
Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy RegulationWritten by Adam Veness The Federal Trade Commission (the “FTC”) has filed its response to the Wyndham Hotel & Resorts LLC’s (“Wyndham”) Motion to Dismiss. More information about Wyndham’s Motion can be seen in an earlier blog post here. In its response, the FTC rebuts Wyndham’s Motion and argues three main points: 1) the FTC… Continue Reading
Checked your insurance policies lately?
Posted in Data Breach, Privacy LitigationWritten by Nancy Adams In a ruling that might provide a new path to data breach insurance coverage, DSW Shoe Warehouse, Inc. has prevailed in its attempt to obtain insurance coverage for losses associated with a data breach under a commercial crime policy. The Sixth Circuit Court Appeals, in Retail Ventures, Inc. et al. v…. Continue Reading
FTC Sues Wyndham Hotels
Posted in Data Breach, Federal Trade Commission, Privacy LitigationWritten by Amy Malone The Federal Trade Commission (FTC) has announced that it has filed suit in U.S. District Court in Phoenix against Wyndham Worldwide Corporation and three of its subsidiaries. The lawsuit cites “alleged data security failures that led to three data breaches at Wyndham hotels in less than two years.” The breaches in question… Continue Reading
FTC v. Myspace Part II — The Takeaways
Posted in Data Compliance & Security, Federal Trade Commission, Online Advertising, Privacy Litigation, Privacy RegulationThe FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence. Keeping the FTC Out of Your Space — The Takeaways Much can be learned from how the FTC has evaluated the adequacy of Myspace’s privacy policy… Continue Reading
Does an employer invade an employee’s privacy by accessing and reviewing the employee’s email?
Posted in Employee Privacy, Privacy LitigationA recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.” Our colleagues over at the Mintz Levin Employment Matters blog have posted an analysis of this interesting decision and the takeaways for employers — particularly Massachusetts employers. Read more here.
Supreme Court Holds that Warrantless “Trespass” in Placement of GPS Device on Vehicle Constitutes an Unreasonable Search Violative of the Fourth Amendment
Posted in Privacy Litigation, US Supreme CourtWritten by Paul E. Pelletier The Chinese Year of the Dragon started with a bang as the Supreme Court issued a much anticipated ruling in this Fourth Amendment case that was neither brave nor innovative. In United States v. Antoine Jones the Court chose to affirm the district and circuit courts’ Fourth Amendment ruling on… Continue Reading
