Feeds:
Posts
Comments

Archive for the ‘Data Privacy Class Actions’ Category

Data breach cases are popular targets for class actions these days because a single incident of hacking or theft can expose the sensitive personal or financial information of millions of people at a time.  However, a key hurdle in these cases has been proof of harm sufficient to satisfy the Article III injury-in-fact standard for cases filed in the federal courts (or in state courts that apply a similar injury-in-fact standard).  Recently, plaintiffs have been attempting to get around the standing problem by alleging that they had to incur credit monitoring fees or other out-of-pocket expenses due to a fear of identity theft.

Shannon Tan, associate corporate counsel for Raymond James Financial, Inc., in St. Petersburg, FL, recently authored an insightful article for the IAPP newsletter The Privacy Advisor, titled Supreme Court Wiretap Ruling Upholds Stringent Standing-To-Sue Requirements.  Tan’s article discusses the potential impact of the Supreme Court’s decision in Clapper v. Amnesty International USA on the question of Article III standing in civil data breach cases.  Tan points out that while Clapper is case involving alleged wiretapping by the government, it is likely to make it more difficult for plaintiffs to meet the Article III standing requirements in civil data breach cases because data breaches often don’t result in any immediate harm but only a threat of potential future harm.  A threat of harm must be “certainly impending” to satisfy the Article III standard set forth in Clapper.  This issue is exacerbated in the class action context, because even if some members of the class can prove actual harm, such as identity theft, it is a rare case where the plaintiff would have some common proof that identity theft occurred for all class members, a problem that recently doomed certification of a class action in In re Hannaford Bros. Co. Customer Data Security Breach Litigation.

Read Full Post »

My article for the University of Denver Law Review’s Online Edition entitled Statutory Penalties and Class Actions: Social Justice or Legalized Extortion?  was posted today.  The article discusses potential reforms to address the problem of class actions for statutory penalties giving rise to potentially annihilating liability in cases involving little or no actual harm.  Please check it out.  While you’re there, check out some of the other excellent content on a wide variety of legal topics that the DU Law Review has to offer in its online supplement to its regular print publication.

Read Full Post »

Work commitments have prevented me from posting over the past week, but I wanted to take the opportunity to point out that there have been some notable developments in the privacy class action area over the past week.  Judy Selby covered these developments in a recent blog post for the BakerHostetler Class Action Defense and Data Privacy Monitor blogs.  Selby’s post, titled Hannaford v. comScore – Up and Down Results for Privacy Class Action Defendants, compares and contrasts two recent decisions, one granting and one denying class certification, in privacy cases.

Read Full Post »

Don’t miss the upcoming Strafford webinar on recent developments in TCPA class actions, scheduled for March 20.  My colleague Justin Winquist and I will provide commentary from the defense perspective, while Keith J. Keogh and John G. Watts will offer the plaintiffs’ viewpoint.  For more information about the program and to register, click this link.  Here’s a brief synopsis of the program:

TCPA consumer and privacy class action litigation remains steady following the 2012 milestone U.S. Supreme Court case Mims v. Arrow Financial Services.

The Mims case opened the door for plaintiffs’ attorneys to file TCPA class actions in state or federal court, even where diversity jurisdiction does not exist. Since Mims, defendants have tested state law limitations on federal claims and whether state or federal statutes of limitations defenses apply.

TCPA claims challenging text messages to cellphones are also on the rise, forcing courts to consider how to interpret the Act in light of new technology.

Listen as our authoritative panel of class action attorneys explains the latest trends in telephone and fax advertising under the TCPA, highlighting key issues of federal jurisdiction, state law limitations, and how courts are adapting their decisions to new technology. The panel will provide plaintiff and defense counsel with best practices for litigating in this rapidly-changing area of law.

Read Full Post »

The Baker Hostetler Privacy and Data Protection Team has published a comprehensive guide to the data privacy laws in countries around the world.  The International Compendium of Data Privacy Laws summarizes the civil, criminal, and regulatory data breach and other privacy laws of more than 40 countries.

 

Read Full Post »

According to an article in the Korea JoongAng Daily, a Korean court has issued the first ever judgment in a collective action arising out of a data breach caused by alleged mismanagement of the data, as opposed to intentional conduct.  The Seoul Western District Court’s judgment in favor of 2,882 petitioners against SK Communications was for a total of approximately USD 534,200.   Although the amount may be insignificant by U.S. standards, the judgment reflects a key development in the development of both collective litigation and privacy law abroad.

Postscript: for more on the case, see this story published February 19.

Read Full Post »

The Ninth Circuit Court of Appeals issued a ruling yesterday that will be a blow to plaintiffs seeking to sue call centers in class actions for violations of California’s Invasion of Privacy Law, Cal. Penal Code § 632 (sometimes called the “wiretapping” statute).  The law prohibits the recording or monitoring of confidential telephone calls without the caller’s consent.  It is an appealing basis for class action claims because it provides for statutory penalty of $5,000 per violation, creating the possibility of annihilating exposure in a case that involves a call center that handles thousands of customer calls.

In Faulkner v. ADT Security Services, Inc., the court affirmed the trial court’s dismissal of a claim under the statute based on allegations that a call center for a security company recorded the call of a customer who called with a billing dispute.  The Ninth Circuit fell short of holding that a billing dispute with a security company could never qualify as a “confidential” communication giving rise to liability under the law, but it did observe that whether a particular call was confidential would require unique facts:

For example, a caller might be asked to verify his identity by confirming his social security number or his unlisted telephone number, or to disclose other private or potentially private information. If adequately pled, such facts might well support a finding of confidentiality.

Slip op. at 9, n.***.  The need to examine the particular content of each call to determine whether liability is present would in most cases create an individualized issue of fact preventing class certification.  So, although the ruling does not close the door on claims against call centers for violations of the Invasion of Privacy law, it presents a hurdle to the certification of potentially bankrupting class actions.

Read Full Post »

« Newer Posts - Older Posts »