VPPA, litigation, Privacy Law
VPPA Claims: Could Your Site Be Next?
By Justine Young Gottshall and Chloé Nelson on June 13, 2023
anthem, ashley madison, class actions, cyberattack, FTC, FTC Act section 5, liability, privacy, reasonable security
A Reasonable Security Blanket
By W. Scott Blackmer on July 21, 2017
Breach, breach notification, cyber insurance, cyberinsurance, heartland payment processor, litigation, PCI DSS, point of sale breach, Target, TJX
Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance
By InfoLawGroup LLP on February 24, 2014
BitTorrent, copyright, infringement, joinder, litigation
Court Dismisses BitTorrent Defendants Wrongly Joined in Copyright Infringement Action
By InfoLawGroup LLP on August 03, 2013
Breach, damages, litigation, personal information, privacy, security breach litigation
California Federal Court Holds that Damages Properly Alleged in RockYou Data Breach Case
By InfoLawGroup LLP on April 19, 2011
In what may be a sign of an evolving judicial atmosphere and approach concerning data breach lawsuits, a Federal judge in the Northern District of California District Court recently refused to dismiss various causes of action related to a data breach involving RockYou. In particular, the Court explored the issue of whether the plaintiff sufficiently alleged "harm" arising out of the data breach. This blog post takes a look the highlights of the Court's decision.
litigation, personal information, privacy
MySpace Sued for Alleged Privacy Violations
By InfoLawGroup LLP on April 15, 2011
Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number
IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim
By InfoLawGroup LLP on February 03, 2011
InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.
behavorial advertising, CFAA, cookies, deep packet inspection, EPCA, flash cookies, hmtl5, litigation, mobile privacy, privacy, SCA, Security
While We Were Shopping, the Privacy Legal Risk Environment Shifts Again
By InfoLawGroup LLP on January 18, 2011
2010. What a year for data security and privacy, and the law. Choose whatever story you want: Facebook privacy practices, Google Buzz, Wikileaks data breach , TSA full body scanning at the airports, FTC Do Not Track, etc. I am having trouble thinking of a week (perhaps even a day) in 2010 where there wasn't a big privacy or data security story reported at a major media outlet. It is difficult to come up with an issue in 2010 (except perhaps "the economy" or the healthcare debate) that became more firmly lodged in the public consciousness than privacy and data security.While we were all thinking about Halloween and Thanksgiving, and trying to avoid the crush of Hanukah, Christmas and New Years, several privacy lawsuits were filed against online behavioral tracking companies and some of their clients. In my view these lawsuits and the activity that arises out of them (regulatory and otherwise) will be one of the big data security and privacy stories of 2011.
What follows is a very brief listing of some the key lawsuits from 2010 that InfoLawGroup is aware of and tracking. There may be more that are not on the list (such is pace of change in this space) and if you know of others, please send them to me so I can list them here to serve as a resource for the larger privacy community. Over the course of 2011 (and beyond) InfoLawGroup will be taking a deeper look at these cases and providing updates as they progress through motion practice, trial and settlement.
damages, Hannaford, litigation, payment card, PCI DSS, security breach
"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit
By InfoLawGroup LLP on September 22, 2010
The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.
authentication, banking, Breach, FFEIC, liability, litigation, phishing, reasonable, reasonable security, UCC 4A-202
EMI v. Comerica: Court Finds Bank's Security is Commercially Reasonable -- Bank Loses Motion for Summary Judgment
By InfoLawGroup LLP on August 12, 2010
An odd result -- we know. We previously reported on the lawsuit filed by Experi-Metal, Inc. ("EMI") and the subsequent motion for summary judgment (and briefs) filed by Comerica Bank to have the case dismissed. As reported in July, the U.S. District Court for the Eastern District of Michigan has issued a ruling on Comerica's motion for summary judgment. To make a long story short, the Court denied Comerica's motion and this case appears headed toward trial (or potentially settlement). In the course of its ruling the Court found that Comerica had utilized commercially reasonable security procedures. However, that ruling had more to do with the language in Comerica's contracts than an actual substantive analysis of the reasonableness of Comerica's security. In this blogpost, we take a look at the Court's ruling.
Breach, fiduciary duty, Heartland, litigation, negligence, payment card, PCI DSS, third party beneficiary
Heartland Bank and Keybank's Motion to Dismiss
By InfoLawGroup LLP on July 13, 2010
banking, fraud, HIPAA, Mexico, privacy, reasonable, reasonable security, Regulation, Security
Quickhits: Dog Days of Summer Edition
By InfoLawGroup LLP on July 08, 2010
authentication, banking, Breach, FFEIC, liability, litigation, phishing, reasonable, reasonable security, UCC 4A-202
EMI v. Comerica: Comerica's Motion for Summary Judgment
By InfoLawGroup LLP on June 30, 2010
Back in February 2010, we reported on an online banking lawsuit filed by by Experi-Metal Inc. ("EMI") against Comerica (the "EMI Lawsuit"). As you might recall this case involved a successful phishing attack that allowed the bad guys to get the EMI's online banking login credentials and wire transfer about $560,000 from EMI's account (the original amount was $1.9 million, but Comerica was able to recover some of that). The bad guys were able to foil Comerica's two factor token-based authentication with a man in the middle attack. Comerica did not reimburse EMI for the loss, and this lawsuit resulted. In April 2010, Comerica filed a motion for summary judgment in order to dismiss the case. The motion has been fully briefed by both sides, and this blogpost looks at the arguments being made by the parties
1st Amendment, 4th Amendment, Apple, Breach, Facebook, health information, Kroll, litigation, opt-in, opt-out, Quon, security breach, security schedule
Quickhits: 4th Amendment & the Cloud; Dept. of Commerce Explores Privacy; Apple Plays Hardball; Kroll on Healthcare Data Security; The Senate on Facebook Privacy
By InfoLawGroup LLP on April 26, 2010
4A-202, banking, Breach, FFIEC, litigation, measures, online, reasonable, reasonable security, Security, security breach litigation, Shames-Yeakel, standards, UCC, UCC 4A-202
The Curious Case of EMI v. Comerica: A Bellwether on the Issue of "Reasonable Security"?
By InfoLawGroup LLP on February 24, 2010
contracting, contracts, indemnification, reasonable, reasonable security, Security, security measures, security schedule, service provider
Developing an Information Security and Privacy Schedule for Service Provider Transactions (Part Two)
By InfoLawGroup LLP on February 18, 2010
contracting, contracts, indemnification, reasonable, reasonable security, Security, security measures, security schedule, service provider
Developing an Information Security and Privacy Schedule for Service Provider Transactions
By InfoLawGroup LLP on February 15, 2010
banking, FFIEC, measures, online, online banking, reasonable, reasonable security, Security, security breach litigation, security breach litigation security measures, security standards, Shames-Yeakel, UCC 4A-202
Online Banking and "Reasonable Security" Under the Law: Breaking New Ground?
By InfoLawGroup LLP on January 13, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
litigation, payment, payment card, PCI DSS, PCI DSS Radiant Systems, Radiant, Savvis, security breach litigation, security breach litigation service provider, service provider, Systems
The Merchants Strike Back?
By InfoLawGroup LLP on December 03, 2009
