Archives: Litigation

Subscribe to Litigation RSS Feed

District Court Dismisses Multiple Counts in FTC’s Complaint Against D-Link

On September 19, 2017, the U.S. District Court for the Northern District of California dismissed three of the six counts in the Federal Trade Commission’s (“FTC’s”) January 2017 complaint against D-Link Systems, Inc., allowing the FTC until October 20, 2017 to amend its complaint. The FTC’s complaint alleged that D-Link engaged in unfair and deceptive … Continue Reading

Recent Cases on E-Mail “Spoofing” Coverage Highlight the Impact of Specific Crime Policy Wordings

By Benjamin Duke, Matt Schlesinger, and Scott Levitt [This article was also published as a Client Alert.] Two recent federal district court decisions involving computer “spoofing” scams highlight the uncertainty about whether such incidents may be covered under standard “computer fraud” provisions in widely used crime insurance forms. The conflicting results in these cases provide … Continue Reading

Ninth Circuit Holds That Spokeo Plaintiff Has Standing to Proceed on Claim Over Inaccurate Information

The closely watched lawsuit alleging Spokeo, Inc., violated the Fair Credit Reporting Act (“FCRA”) may proceed, after a federal appeals court ruled — on remand from the Supreme Court — that publication of the inaccuracies alleged by the plaintiff would constitute a sufficiently “concrete” harm to give the plaintiff standing to sue in federal court.  … Continue Reading

Is The Hutchins Indictment Over Malware Unconstitutional?

By Alex Berengaut [This article also was published in Law360.] In May 2017, the “WannaCry” malware was used to launch a worldwide ransomware cyberattack. WannaCry encrypted files on victim computers and demanded a ransom payable in bitcoin to provide the encryption key. The attack was stopped when a British security researcher, Marcus Hutchins, accidentally discovered … Continue Reading

D.C. Circuit: Data Breach Plaintiffs Plausibly Allege ‘Substantial Risk’ of
ID Theft Sufficient to Support Standing

Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision. CareFirst discovered in April 2015 — and announced … Continue Reading

Second Circuit in Silk Road Appeal: No Fourth Amendment Protection in IP Addresses under the Third Party Doctrine

In February 2015, a jury convicted Ross Ulbricht of drug trafficking and other crimes associated with his creation and operation of Silk Road, an online marketplace whose users primarily purchased and sold illegal goods and services.  A federal judge in the U.S. District Court for the Southern District of New York then sentenced Ulbricht to … Continue Reading

Ninth Circuit Will Rehear Dismissal of FTC Throttling Suit

The Ninth Circuit announced today that the full court will rehear the case in which the three-judge panel opinion had dismissed the FTC’s lawsuit against AT&T for allegedly violating Section 5 of the FTC Act due to past “throttling” practices around unlimited data plans.  According to the panel opinion, the FTC lacked jurisdiction over AT&T’s … Continue Reading

Eleventh Circuit Hands Another VPPA Loss to Video App Plaintiffs

In Perry v. Cable News Network, the Eleventh Circuit dealt another loss to putative class-action plaintiffs seeking to use the Video Privacy Protection Act (“VPPA”) as a weapon against free online video services. The court affirmed that to be a “subscriber” of a video service—someone who can sue under the VPPA—one must have a genuine … Continue Reading

U.S. Supreme Court Denies Cert In VPPA Case

Yesterday, the Supreme Court denied certiorari in In re Nickelodeon Consumer Privacy Litigation, a case addressing whether static digital identifiers like internet protocol (IP) addresses qualify as personally identifiable information (PII) under the Video Privacy Protection Act (VPPA).  As a result, the Third Circuit’s June 27, 2016 decision in the case—which held that IP addresses … Continue Reading

Data Breach Allegations Sufficient for Standing After Spokeo, Court Says

On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins.  The case is Hapka v. CareCentrix, Inc. In early 2016, a phishing attack compromised defendant CareCentrix’s systems, … Continue Reading

California Judge Upholds CPUC Order to Share Confidential Subscriber Data, But Subject to Adequate Protective Order

On November 3, Judge Vince Chhabria of the U.S. District Court of the Northern District of California held that federal law does not bar the California Public Utilities Commission (CPUC) from requiring telecommunications companies to hand over, under an adequate protective order, confidential subscriber data to The Utility Reform Network (TURN) as part of an … Continue Reading

Ninth Circuit Upholds CDA Immunity Against Plaintiff’s Attempt to “Push[] the Envelope of Creative Pleading”

On Monday, a panel of the Ninth Circuit unanimously ruled that Section 230 of the Communications Decency Act (“CDA”) protected Yelp from liability relating to an allegedly defamatory user-generated review.  In doing so, the Court rejected several attempts by the Plaintiff to plead around the CDA’s broad immunity provisions by accusing Yelp of playing a … Continue Reading

Ninth Circuit Dismisses FTC’s Throttling Suit Against AT&T

In an opinion released today, the Ninth Circuit dismissed the Federal Trade Commission’s (“FTC”) lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices.  AT&T’s practice of throttling the speed of customers with unlimited data plans once they reached a certain data usage threshold had been challenged by the … Continue Reading

Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion.  While the breadth of this holding is unclear, and the case may be an outlier, the Sixth Circuit’s reasoning … Continue Reading

Users of Pandora’s Free Service Are Not Customers Under Michigan Privacy Statute, But Questions Remain

Courts continue to grapple with how to apply existing privacy laws to new (and even not-so-new) technology. The recent Ninth Circuit decision, affirming the Northern District of California’s decision to dismiss a proposed class action suit against Pandora for disclosure of listener music preferences in violation of Michigan’s Preservation of Personal Privacy Act (PPPA), resolved … Continue Reading

Third Circuit Takes Narrow View of PII Under the VPPA

Last week, the Third Circuit adopted a narrow definition of “personally identifiable information,” or “PII,” under the Video Privacy Protection Act (“VPPA”), joining the majority of district courts that have addressed similar issues.  The VPPA defines PII as information that “identifies a person as having [obtained a video]” from a video tape service provider (“VTSP”). … Continue Reading

Ninth Circuit: CFAA’s Prohibition on Accessing Computer Without Authorization “Unambiguous”

In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading

Supreme Court Issues Highly Anticipated Spokeo Decision

The Supreme Court released its highly anticipated decision yesterday in Spokeo, Inc. v. Robins, which addresses whether plaintiffs have standing to pursue statutory damages even in the absence of actual harm under the Fair Credit Reporting Act (“FCRA”).  As we previously reported, the case was expected to have significant down-stream implications for standing in privacy … Continue Reading

Video Privacy Protection Act Rulings in Gannett and CNN Reach Opposite Conclusions

In two cases last week, two courts entered widely divergent rulings on the central question of the specific definition of “personally identifiable information,” or “PII,” under the Video Privacy Protection Act (“VPPA”).  The VPPA defines PII as information that “identifies a person as having [obtained a video]” from a video tape service provider (“VTSP”). In … Continue Reading

Seventh Circuit, Relying on Defendant’s Post-Breach Statements, Allows Data Breach Class Action to Proceed

Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants.  In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that … Continue Reading

Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action

A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards.  As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent charges … Continue Reading

Wyndham Settles FTC Charges

Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act.  Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC.  Under the terms of the twenty-year … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading
LexBlog