Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Privacy Litigation

Subscribe to Privacy Litigation RSS Feed

Social Media’s Not For You—It’s About You: Risks for Organizations in a New Age of Sharing

Posted in Data Breaches, Information Governance, International Privacy Law, Mobile Privacy, Privacy Litigation, Social Media, Workplace Privacy
Social media and social networking, including websites and applications that allow users to create and share content, have become ubiquitous. Joining the social networking revolution may be very easy for individuals, but establishing best practices for organizations that want or need to be actively engaged with social media is not. Initial considerations tend to focus… Continue Reading

Bring Your Own Device (Everywhere): Legal and Practical Considerations for International BYOD Programs

Posted in Information Governance, International Privacy Law, Mobile Privacy, Privacy Litigation, Workplace Privacy
The cross-use of mobile devices for personal and professional purposes, commonly referred to as “Bring Your Own Device” or “BYOD”, is a relatively recent phenomenon that has created a host of legal and practical challenges for organizations of all sizes. Implementing a BYOD program is especially complex for companies that have employees who regularly travel… Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Online Privacy, Privacy Litigation
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held… Continue Reading

Information Governance – 2013 in Review

Posted in Data Breaches, Online Privacy, Privacy Litigation
By: Judith A. Selby and James A. Sherer 2013 was the year that the term “Information Governance” or “IG” began to be widely used outside of technical circles. Despite that fact, the concept of IG is not well understood. Gartner, a premier information advisory company, defines IG as the specification of decision rights and an accountability framework… Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Posted in Data Breaches, Privacy Class Actions, Privacy Litigation
Authored by: Julian Perlman Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach… Continue Reading

Legal concepts every social media marketer should know: Part III — Use of third-party images, graphics, and content

Posted in Marketing, Privacy Litigation, Social Media
Editor’s Note: This blog post was originally published on September 11, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. It’s often said that imitation is the sincerest form of flattery. But when it comes to running an online marketing campaign or social media site,… Continue Reading

Federal Prosecutors Indict Accused Data Thieves

Posted in Privacy Litigation
Federal prosecutors announced yesterday the indictment of five men accused of involvement in the theft of over 160 million credit card numbers. According to prosecutors, thefts by this group involved some of the largest and most notable U.S. data breaches of recent years, including Global Payments, Heartland Payment Systems, Hannaford, and NASDAQ, among others. Payment… Continue Reading

South Korea Court Opens the Door for Unintentional Data Breach Collective Actions

Posted in Data Breaches, International Privacy Law, Privacy Class Actions, Privacy Litigation
Authorship Credit:  Nathan A. Schacht This is a cross blog post with BakerHostetler’s class action blog.  For the latest in class action developments, visit classactionlawsuitdefense.com.  On February 15, 2013, the Seoul Western District Court in South Korea issued a judgment in a collective consumer action against a South Korean company for a data breach involving… Continue Reading

Call Centers Increasingly Targeted in Class Action Lawsuits for Statutory Penalties Under Decades-Old California Law

Posted in Privacy Class Actions, Privacy Litigation
Authored by: Paul Karlsgodt Editor’s Note – This article is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog. Companies that provide call center services to consumers are increasingly being targeted in class action lawsuits under an arcane section of the California penal code that provides a civil right of action and statutory damages… Continue Reading

Courts Preliminarily Approve Settlements in Netflix and Blockbuster Video Privacy and Protection Act Class Actions

Posted in Privacy Litigation
Two Federal District Courts recently approved settlements in two significant class actions brought under the Video Privacy and Protection Act, 18 U.S.C. § 2710, et seq. (“VPPA”), which limits the disclosure of personally identifiable information about subscribers as well as the amount of time that video rental service providers can retain subscriber information. On July… Continue Reading

DPPA Does Not Prohibit Bulk Obtainment of Motor Vehicle Records

Posted in Privacy Litigation
The Sixth Circuit Court of Appeals has upheld the dismissal of a purported class action lawsuit brought under the federal Driver’s Privacy Protection Act, 18 U.S.C. § 2127, et. seq. (“DPPA”).  Plaintiffs’ claims in Wiles v. Ascom  Transport System, Inc., Case No. 11-5342, were based on the bulk obtainment of personal information from Kentucky motor… Continue Reading

US Supreme Court Finds that Mental and Emotional Distress are not “Actual Damages” under the Privacy Act

Posted in Privacy Litigation
In privacy litigation, the majority of the federal courts have required demonstration of a certain tangible, provable harm before granting damage awards to plaintiffs claiming a violation of their privacy.  The Supreme Court’s recent decision in Federal Aviation Administration et al. v. Stanmore Cawthon Cooper, case number 10-1024, is no different.  In the Court’s March 28,… Continue Reading

Lessons Learned from the Second Circuit’s Reinstatement of Copyright Suit Against YouTube

Posted in Federal Legislation, Privacy Litigation
The Social Media revolution is built on two legal foundations – the Digital Millennium Copyright Act (“DMCA”) which generally protects websites that host user generated content from copyright claims, and the Communications Decency Act, which generally protects such websites from claims based on the publication of defamatory or other illegal content. The Second Circuit sent… Continue Reading

California’s Privacy Class Action Litigation Du Jour: “Shine the Light” Law

Posted in Online Privacy, Privacy Class Actions, Privacy Litigation
Privacy class action litigation is hot in California and a new wave of lawsuits are being filed under California’s 2003 “Shine the Light” law, codified in Cal. Civ. Code Section 1798.83. This privacy law affects most businesses with as few as 20 employees and allows individuals to learn about how a business sells and shares… Continue Reading

Will the Driver’s Privacy Protection Act Fuel the Next Wave of Class Actions Against Retailers?

Posted in Federal Legislation, Privacy Litigation
Within a month of a California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc. (finding ZIP codes constitute personal identification information under California’s Song-Beverly Act), over 100 putative class action law suits were filed against retailers operating in California. A November 22 lawsuit against Best Buy (Siegler v. Best Buy Co. of Minnesota, Inc.)… Continue Reading

RockYou Proposed Settlement Would Leave Decision Standing

Posted in Data Breaches, Privacy Litigation
The parties in the Claridge v. RockYou case submitted a proposed settlement agreement to the court for approval on November 14, 2011.  This case, which was filed shortly after RockYou disclosed a breach that compromised 32 million log-in credentials, received national attention in the spring.  In April 2011, the California federal district court declined to… Continue Reading

Actual Harm is Required even when a Privacy Law Allows for Statutory Damages

Posted in Privacy Litigation
A California federal district court judge found last week that plaintiffs must establish a cognizable injury even when minimum statutory damages are available under a California state statute.  This could prove to be a significant win for the defense bar.  As I discussed here, the recent First Circuit decision in Hannaford could signal a changing… Continue Reading

White Collar Wiretaps: Will Your Own Words Come Back to Haunt You?

Posted in Enforcement, Mobile Privacy, Online Privacy, Privacy Litigation
Jonathan B. New, a partner in Baker Hostetler’s New York office and a member of the firm’s White Collar Defense and Corporate Investigations Team, along with associate attorney Sammi Malek recently authored the article, “White Collar Wiretaps: Will Your Own Words Come Back to Haunt You?” published in the July 21, 2011 issue of the New York… Continue Reading

Loss of Personal Information in Security Breach Results in Loss of Some “Unidentified Value”

Posted in Data Breaches, Online Privacy, Privacy Litigation
A December 2009 SQL injection attack against social network application maker RockYou.com’s database resulted in the breach of 32 million log-in credentials ( e-mail address and password).  Not only did RockYou.com store the log-in credentials of its users in plain text, it also stored those user’s log-in credentials for social networking sites like Facebook and… Continue Reading

If There is Credit Card Fraud, There Must Have Been a Breach

Posted in Data Breaches, Payment Card Industry, Privacy Litigation
U.S. Bank removed a putative class action complaint filed by an online merchant named Paintball Punks to U.S. District Court in Minneapolis on December 6.  The complaint (Paintball v USBank.pdf) alleges that Paintball Punks suffered chargeback losses of $11,259.91 from nine transactions that were fraudulently billed to U.S. Bank-issued credit cards as a result of U.S. Bank’s failure to “remedy known… Continue Reading