Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Litigation

Subscribe to Litigation RSS Feed

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Litigation, Online Privacy, Privacy
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

Privacy Class Action – Theories of Liability – 2013 Year in Review

Posted in Litigation
Authors: Erica Gann Kitaev and Paul Karlsgodt One hot area of data privacy litigation over the past several years has been data breach class actions brought under the California Confidentiality of Medical Information Act (“CMIA”),[1]  which provides that a person may recover $1,000 “nominal” damages against a healthcare provider who has negligently “released” the person’s … Continue Reading

Legal concepts every social media marketer should know: Part III — Use of third-party images, graphics, and content

Posted in Litigation, Marketing, Miscellaneous, Social Media
Editor’s Note: This blog post was originally published on September 11, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. It’s often said that imitation is the sincerest form of flattery. But when it comes to running an online marketing campaign or social media site, … Continue Reading

South Korea Court Opens the Door for Unintentional Data Breach Collective Actions

Posted in Data Breaches, International Privacy Law, Litigation, Privacy Class Actions, Privacy Litigation
Authorship Credit:  Nathan A. Schacht This is a cross blog post with BakerHostetler’s class action blog.  For the latest in class action developments, visit classactionlawsuitdefense.com.  On February 15, 2013, the Seoul Western District Court in South Korea issued a judgment in a collective consumer action against a South Korean company for a data breach involving … Continue Reading

Courts Preliminarily Approve Settlements in Netflix and Blockbuster Video Privacy and Protection Act Class Actions

Posted in Litigation, Privacy Litigation
Two Federal District Courts recently approved settlements in two significant class actions brought under the Video Privacy and Protection Act, 18 U.S.C. § 2710, et seq. (“VPPA”), which limits the disclosure of personally identifiable information about subscribers as well as the amount of time that video rental service providers can retain subscriber information. On July … Continue Reading

DPPA Does Not Prohibit Bulk Obtainment of Motor Vehicle Records

Posted in Litigation, Privacy Litigation
The Sixth Circuit Court of Appeals has upheld the dismissal of a purported class action lawsuit brought under the federal Driver’s Privacy Protection Act, 18 U.S.C. § 2127, et. seq. (“DPPA”).  Plaintiffs’ claims in Wiles v. Ascom  Transport System, Inc., Case No. 11-5342, were based on the bulk obtainment of personal information from Kentucky motor … Continue Reading

Lessons Learned from the Second Circuit’s Reinstatement of Copyright Suit Against YouTube

Posted in Federal Legislation, Litigation
The Social Media revolution is built on two legal foundations – the Digital Millennium Copyright Act (“DMCA”) which generally protects websites that host user generated content from copyright claims, and the Communications Decency Act, which generally protects such websites from claims based on the publication of defamatory or other illegal content. The Second Circuit sent … Continue Reading

California’s Privacy Class Action Litigation Du Jour: “Shine the Light” Law

Posted in Litigation, Miscellaneous, Online Privacy
Privacy class action litigation is hot in California and a new wave of lawsuits are being filed under California’s 2003 “Shine the Light” law, codified in Cal. Civ. Code Section 1798.83. This privacy law affects most businesses with as few as 20 employees and allows individuals to learn about how a business sells and shares … Continue Reading

Will the Driver’s Privacy Protection Act Fuel the Next Wave of Class Actions Against Retailers?

Posted in Federal Legislation, Litigation
Within a month of a California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc. (finding ZIP codes constitute personal identification information under California’s Song-Beverly Act), over 100 putative class action law suits were filed against retailers operating in California. A November 22 lawsuit against Best Buy (Siegler v. Best Buy Co. of Minnesota, Inc.) … Continue Reading

RockYou Proposed Settlement Would Leave Decision Standing

Posted in Data Breaches, Litigation
The parties in the Claridge v. RockYou case submitted a proposed settlement agreement to the court for approval on November 14, 2011.  This case, which was filed shortly after RockYou disclosed a breach that compromised 32 million log-in credentials, received national attention in the spring.  In April 2011, the California federal district court declined to … Continue Reading

Actual Harm is Required even when a Privacy Law Allows for Statutory Damages

Posted in Litigation
A California federal district court judge found last week that plaintiffs must establish a cognizable injury even when minimum statutory damages are available under a California state statute.  This could prove to be a significant win for the defense bar.  As I discussed here, the recent First Circuit decision in Hannaford could signal a changing … Continue Reading

White Collar Wiretaps: Will Your Own Words Come Back to Haunt You?

Posted in Enforcement, Litigation, Mobile Privacy, Online Privacy
Jonathan B. New, a partner in Baker Hostetler’s New York office and a member of the firm’s White Collar Defense and Corporate Investigations Team, along with associate attorney Sammi Malek recently authored the article, “White Collar Wiretaps: Will Your Own Words Come Back to Haunt You?” published in the July 21, 2011 issue of the New York … Continue Reading

Loss of Personal Information in Security Breach Results in Loss of Some “Unidentified Value”

Posted in Data Breaches, Litigation, Online Privacy
A December 2009 SQL injection attack against social network application maker RockYou.com’s database resulted in the breach of 32 million log-in credentials ( e-mail address and password).  Not only did RockYou.com store the log-in credentials of its users in plain text, it also stored those user’s log-in credentials for social networking sites like Facebook and … Continue Reading

If There is Credit Card Fraud, There Must Have Been a Breach

Posted in Data Breaches, Litigation, Payment Card Industry
U.S. Bank removed a putative class action complaint filed by an online merchant named Paintball Punks to U.S. District Court in Minneapolis on December 6.  The complaint (Paintball v USBank.pdf) alleges that Paintball Punks suffered chargeback losses of $11,259.91 from nine transactions that were fraudulently billed to U.S. Bank-issued credit cards as a result of U.S. Bank’s failure to “remedy known … Continue Reading