A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards. As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent
Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act. Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC. Under the terms of the twenty-year…
Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law. The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online activity while publicly professing to respect users’ Safari browser settings. While the Third Circuit affirmed the trial court’s dismissal of federal claims under the Wiretap Act, the Stored Communications Act (SCA), and the Computer Fraud and Abuse Act (CFAA), the court vacated the district court’s dismissal of the plaintiffs’ claims under California tort law and the California constitution’s right to privacy.
A man who alleges he received an unauthorized prerecorded call on the landline he shared with his roommate has standing to proceed with his lawsuit under the Telephone Consumer Protection Act (“TCPA”), the U.S. Court of Appeals for the Third Circuit ruled.
Mark Leyse’s lawsuit against Bank of America alleges that a telemarketer advertising Bank of America credit cards called a residential landline registered to Genevieve Dutriaux, Leyse’s roommate, using a prerecorded message. Among other things, the TCPA generally prohibits making a non-emergency call “to any residential telephone line using an artificial or prerecorded voice” unless the caller has “the prior express consent of the called party” or the FCC has exempted the type of call at issue. The TCPA further states that “[a] person or entity” may sue based on a violation of that restriction, and may seek $500 in statutory damages for each violation (or $1,500 if the plaintiff proves the violation was willful or knowing).
The parties agreed that the telemarketer intended to call Dutriaux, who was listed as the subscriber to the phone line. Accordingly, Bank of America moved to dismiss Leyse’s lawsuit, arguing that Leyse was not the “called party” and thus had no standing to sue under the TCPA. Courts have disagreed on whether a TCPA plaintiff must be the “called party,” and if so whether the “called party” is the same as the “intended recipient.”
Continue Reading Third Circuit: TCPA Suit By Roommate Who Answered Prerecorded Call Can Proceed
On October 9, the Eleventh Circuit affirmed in Ellis v. Cartoon Network, Inc. that a person who downloads and uses a free mobile application to view freely available content is not, without more, a “subscriber” under the Video Privacy Protection Act (“VPPA”).
Cartoon Network offers a free mobile app that people can download to watch…
In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients. After the court dismissed…
A Seventh Circuit panel that allowed a data breach suit against Neiman Marcus to proceed misapplied the Supreme Court’s precedents on standing and, “if allowed to stand, will impose wasteful litigation burdens on retailers and the federal courts,” the retailer argues in a petition filed yesterday asking the full Seventh Circuit to rehear the case.
Last month, a Seventh Circuit panel ruled that Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems could proceed with their proposed class action lawsuit against the retailer. The panel found that the plaintiffs alleged sufficient “injuries associated with resolving fraudulent charges and protecting oneself against future identity theft” to establish their standing to sue in federal court, and that affected customers “should not have to wait until hackers commit identity theft or credit‐card fraud in order to give the class standing, because there is an ‘objectively reasonable likelihood’ that such an injury will occur.” The panel also found it “telling” that the retailer offered affected customers a year of free credit monitoring and identity-theft protection, and appeared to interpret this as a tacit acknowledgment that the risk to customers was more than “ephemeral.”
Continue Reading Neiman Marcus Asks Full 7th Circuit to Consider Standing Ruling in Breach Suit
Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems may proceed with their proposed class action lawsuit against the retailer, a federal appeals court ruled Monday.
Neiman Marcus discovered in December 2013 that some of its customers had found fraudulent charges on their credit cards, and after an investigation the retailer disclosed in early January 2014 that a data breach had exposed about 350,000 credit cards, of which 9,200 were known to have been used fraudulently. The plaintiffs sued Neiman Marcus, alleging — among other claims — that the company was negligent, breached its implied contract with customers, engaged in unfair and deceptive business practices, and violated state data breach laws.
Monday’s ruling comes at a preliminary stage of the case and addressed only whether the plaintiffs’ allegations, if proved, would meet the requirements of Article III of the U.S. Constitution, which requires that federal courts hear only actual “cases or controversies.” The Supreme Court has held that this requirement bars lawsuits where the plaintiffs have not alleged that they have suffered or imminently will suffer a concrete injury. The Supreme Court emphasized in a 2013 ruling, Clapper v. Amnesty International USA, that plaintiffs seeking to establish standing based on a risk of future injury must show that the threatened injury is “certainly impending,” a standard plaintiffs in other data breach cases have struggled to meet.
Continue Reading Data Breach Plaintiffs Allege Enough Risk of Harm for Suit to Proceed, Appeals Court Rules
On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional. Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for any form of review of search requests before hotels were forced to comply with law enforcement demands. According to the Court, this failure was fatal to the City of Los Angeles’ argument that the ordinance satisfies the requirements for the administrative search exception to the Fourth Amendment’s warrant requirement.
Continue Reading Supreme Court Strikes Down Ordinance Authorizing Warrantless Searches of Hotel Records
In an order adopted at Thursday’s Open Meeting, the Federal Communications Commission acted on 23 petitions or other requests for clarification regarding the application of the Telephone Consumer Protection Act, a federal law that restricts telemarketing and certain other types of calls. The FCC has issued a news release describing yesterday’s order as an effort to “clos[e] loopholes and strengthen consumer protections already on the books.” The text of the order is expected to be released in the coming days.
Continue Reading FCC Ruling Tightens TCPA Restrictions; Dissenters Warn of Increased Class-Action Abuse