The Illinois Supreme Court recently clarified when a Biometric Information Privacy Act (BIPA) claim accrues: each time, and not just the first time, a person’s biometric information is collected without consent. BIPA requires...more
3/7/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
IL Supreme Court ,
Illinois ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
It’s the call you hope you never get. Your company has been hit with a ransomware attack. Your systems are offline. Your customer data was stolen by an unknown threat actor who is threatening to leak it. You have lots of...more
4/1/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Extortion ,
FBI ,
FinCEN ,
Hackers ,
Information Technology ,
Office of Foreign Assets Control (OFAC) ,
Personally Identifiable Information ,
Ransomware ,
Risk Management
In a highly anticipated ruling, the Illinois Supreme Court on January 25, 2019, held that plaintiffs who violated the Illinois Biometric Information Privacy Act — which regulates the collection of biometric information such...more
1/30/2019
/ Actual Injuries ,
Amusement Parks ,
Appeals ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Fingerprints ,
IL Supreme Court ,
Injunctive Relief ,
Liquidated Damages ,
Parental Consent ,
Personally Identifiable Information ,
Private Right of Action ,
Putative Class Actions ,
Risk Mitigation ,
Standing ,
Statutory Violations
The Pennsylvania Supreme Court recently held that employers have “a legal duty to safeguard” the personal data of their employees which is stored on internet-accessible computer systems and that the economic loss doctrine...more
12/20/2018
/ Breach of Duty ,
Breach of Implied Contract ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Storage ,
Duty to Protect ,
Economic Damages ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Hackers ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care ,
Remand ,
Reversal
What You Need to Know Now -
• The new law takes effect January 1, 2020, but there’s a lot to do so you need to start work now.
• The new law expands the definition of personal information and gives California consumers...more
7/17/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data-Sharing ,
Disclosure Requirements ,
Enforcement ,
Governor Brown ,
Minors ,
New Legislation ,
Notice Requirements ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Right to Delete ,
Statutory Damages ,
Third-Party Service Provider ,
Vendors
The U.S. Court of Appeals for the Third Circuit has found that plaintiffs must show a causal connection between the theft of their personal information and the purported harm that they have suffered in order to survive a...more
7/13/2018
/ Appeals ,
Breach of Contract ,
Data Breach ,
Data Privacy ,
Data Security ,
Discovery ,
Dismissals ,
Economic Loss Doctrine ,
Former Employee ,
Fraudulent Charges ,
Hackers ,
Motion for Summary Judgment ,
Personally Identifiable Information ,
Property Theft ,
Putative Class Actions ,
Unjust Enrichment
The U.S. Court of Appeals for the Fourth Circuit has found that allegations that fraudsters used the personal information of data breach victims are sufficient to establish standing even without any fraudulent charges...more
6/27/2018
/ Appeals ,
Article III ,
Class Action ,
Cybersecurity ,
Data Breach ,
Debit and Credit Card Transactions ,
Fraudulent Charges ,
Identity Theft ,
Injury-in-Fact ,
Negligence ,
Personally Identifiable Information ,
Pleading Standards ,
Popular ,
Remand ,
Standing ,
Subject Matter Jurisdiction ,
Vacated
Overview (10. – 6.) -
10. The European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It applies to the processing of “personal data” of EU citizens and residents (a/k/a “data...more
6/20/2018
/ Consent ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
e-Discovery ,
Electronically Stored Information ,
Encryption ,
EU ,
EU Data Protection Laws ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Third-Party Service Provider
The U.S. Court of Appeals for the Ninth Circuit has found that allegations of a future risk of identity theft resulting from a data breach are sufficient to establish standing....more
3/12/2018
/ Article III ,
Consumer Fraud ,
Corporate Counsel ,
Customer Information ,
Cyber Attacks ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Internet Retailers ,
Motion to Dismiss ,
Personally Identifiable Information ,
Putative Class Actions ,
Retail Market ,
Standing ,
Zappos
The Federal Trade Commission on Jan. 8 announced its first settlement of alleged violations of the Children’s Online Privacy Protection Act arising from internet-connected toys. The FTC complaint against VTech followed the...more
1/24/2018
/ Children's Products ,
Children's Toys ,
Connected Items ,
COPPA ,
Data Breach ,
Data Collection ,
Data Security ,
Federal Trade Commission (FTC) ,
Internet of Things ,
Online Safety for Children ,
Personally Identifiable Information ,
Popular ,
Regulatory Violations ,
Settlement
The U.S. Court of Appeals for the Ninth Circuit held in Eichenberger v. ESPN that allegations that the Video Privacy Protection Act was violated are sufficient to establish Article III standing, but that the definition of...more
12/7/2017
/ Appeals ,
Article III ,
Consumer Privacy Rights ,
Data Collection ,
ESPN ,
Internet ,
Internet Streaming ,
Personally Identifiable Information ,
Roku ,
Standing ,
Television Programming ,
VPPA
Equifax, one of the three nationwide credit bureaus that track and rate the financial history of consumers, announced in September that it had suffered a data breach exposing personal information of up to 143 million...more
9/25/2017
/ Breach Notification Rule ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Emergency Management Plans ,
Equifax ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Risk Management
The U.S. Court of Appeals for the Eighth Circuit held that allegations of a future risk of identity theft resulting from a data breach are not sufficient to establish standing. The August 30 ruling in In re SuperValu Customer...more
The U.S. Court of Appeals for the Eighth Circuit has held that allegations that the security provisions of a privacy policy were violated are sufficient for standing in a data breach case, but that plaintiffs’ contractual...more
8/28/2017
/ Article III ,
Bitcoin ,
Breach of Contract ,
Breach of Implied Contract ,
Corporate Counsel ,
Data Breach ,
Gambling ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Privacy Policy ,
Putative Class Actions ,
Scottrade ,
Standing ,
Stock Prices ,
Unjust Enrichment
This week, the U.S. Court of Appeals for the Second Circuit issued an important decision in Whalen v. Michaels Stores, placing the court at the center of the controversy around what allegations are sufficient to establish...more
5/9/2017
/ Article III ,
Corporate Counsel ,
Credit Cards ,
Data Breach ,
Fraudulent Charges ,
Hackers ,
Identity Theft ,
Malware ,
Michaels ,
Personally Identifiable Information ,
Pleading Standards ,
Popular ,
Putative Class Actions ,
Retail Market ,
Standing
Last week, the U.S. Court of Appeals for the Eleventh Circuit held that allegations that personally identifiable information was disclosed without consent in violation of the Video Privacy Protection Act were sufficient to...more
5/3/2017
/ Article III ,
CNN ,
Corporate Counsel ,
Data Collection ,
Digital Media ,
Injury-in-Fact ,
Mobile Apps ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Prior Express Consent ,
Putative Class Actions ,
Spokeo v Robins ,
Standing ,
Subscribers ,
VPPA ,
Web Tracking
The U.S. Court of Appeals for the Fourth Circuit has made it more difficult to establish Article III standing in data breach cases both at the pleading stage and at summary judgment by requiring plaintiffs to allege and show...more
2/23/2017
/ Actual Injuries ,
Article III ,
Corporate Counsel ,
Data Breach ,
Future Harm ,
Identity Theft ,
Medical Records ,
Personally Identifiable Information ,
Pleadings ,
Privacy Act of 1974 ,
Split of Authority ,
Standing ,
Summary Judgment ,
Young Lawyers
Last week, the Third Circuit held that allegations of the unauthorized disclosure of personal information in violation of the Fair Credit Reporting Act (FCRA) constituted a de facto injury sufficient to confer standing at the...more
1/25/2017
/ Appeals ,
Article III ,
Blue Cross ,
Blue Shield ,
Class Action ,
Consumer Reporting Agencies ,
Cookies ,
Data Breach ,
De Facto Injury ,
Dismissals ,
Fair Credit Reporting Act (FCRA) ,
Health Insurance ,
Personally Identifiable Information ,
Pleadings ,
Reversal ,
Standing ,
Statutory Rights ,
Unauthorized Disclosure ,
Web Browsers
Privacy Shield – An Early Reflection -
EU law generally prohibits the transfer of personal data from the European Economic Area to the U.S., unless the transfer is made in accordance with an authorized data transfer...more
10/25/2016
/ Article III ,
Cable Communications Protection Act (CCPA) ,
Confidential Information ,
COPPA ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Injury-in-Fact ,
International Data Transfers ,
IP Addresses ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Standing ,
Video Privacy Protection Act ,
VPPA ,
Wellness Programs
Last week, the Sixth Circuit held that allegations that personal information was stolen following a data breach was sufficient to confer Article III standing to sue to the affected individuals, even in the absence of...more
9/20/2016
/ Article III ,
Class Action ,
Corporate Counsel ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
Insurance Industry ,
Nationwide Insurance Co. ,
Personally Identifiable Information ,
Popular ,
Standing
Last week, the Eighth Circuit became the first Circuit Court to address the reach of Spokeo v. Robbins in a privacy case, holding that a plaintiff’s allegation that a cable company’s retention of his personal information in...more
After a two-year comment process, the Federal Trade Commission adopted its long-awaited amendments to the Children's Online Privacy Protection Rule in December 2012. The amendments, which go into effect July 1, 2013,...more
1/21/2013
/ Advertising ,
Behavioral Advertising ,
COPPA ,
Data Collection ,
Federal Trade Commission (FTC) ,
Internet Service Providers (ISPs) ,
Mobile Apps ,
Notice Requirements ,
Parental Consent ,
Personally Identifiable Information ,
Safe Harbors ,
Social Media ,
Websites