On May 5, 2020, the Seventh Circuit held that violations of the section 15(b) disclosure and informed consent provisions of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) constitute “an invasion of personal rights that is both concrete and particularized” for the purposes of establishing Article III standing to sue in … Continue Reading
As many data breach litigation cases have demonstrated over recent years, the question of a plaintiff’s standing can be quite important to the outcome of each case. While the Supreme Court has addressed standing issues in several cases with potential applicability in the data breach litigation context, most recently in Spokeo, Inc. v. Robins and … Continue Reading
The closely watched lawsuit alleging Spokeo, Inc., violated the Fair Credit Reporting Act (“FCRA”) may proceed, after a federal appeals court ruled — on remand from the Supreme Court — that publication of the inaccuracies alleged by the plaintiff would constitute a sufficiently “concrete” harm to give the plaintiff standing to sue in federal court. … Continue Reading
Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision. CareFirst discovered in April 2015 — and announced … Continue Reading
A Seventh Circuit panel that allowed a data breach suit against Neiman Marcus to proceed misapplied the Supreme Court’s precedents on standing and, “if allowed to stand, will impose wasteful litigation burdens on retailers and the federal courts,” the retailer argues in a petition filed yesterday asking the full Seventh Circuit to rehear the case. … Continue Reading
Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems may proceed with their proposed class action lawsuit against the retailer, a federal appeals court ruled Monday. Neiman Marcus discovered in December 2013 that some of its customers had found fraudulent charges on their credit cards, … Continue Reading
In the closely-watched case of Spokeo, Inc. v Robins, the Solicitor General recently filed an amicus brief urging the Court to deny certiorari and leave in place the 9th Circuit’s holding, which could encourage the rising tide of privacy class action litigation. The Solicitor General’s brief—coauthored by the Consumer Financial Protection Bureau—argued that the dissemination … Continue Reading
On Monday, February 12, a Southern District of Ohio district court dismissed two proposed class actions relating to an October 2012 Nationwide Mutual Insurance Co. data breach. Galaria v. Nationwide Mutual Ins. Co., No. 2:13-cv-118 (S.D. Ohio Feb. 10, 2014); Hancox v. Nationwide Mutual Ins. Co., No. 2:13-cv-257 (S.D. Ohio Feb. 10, 2014). The court … Continue Reading
This week, in a 5-4 decision in Clapper et al. v. Amnesty International USA et al., the United States Supreme Court rejected two theories of Article III standing presented by a group of attorneys, human rights, labor, legal, and media organizations who sought a declaration that surveillance under section 1881a of the Foreign Intelligence Surveillance Act … Continue Reading
Yesterday, deeming LinkedIn’s motion to dismiss suitable for decision without oral argument, Judge Koh of the U.S. District Court for the Northern District of California dismissed all eight claims in Low v. LinkedIn with prejudice, ending this litigation. Covington successfully represented LinkedIn in this case, in which plaintiffs alleged that the purported transmittal to certain third … Continue Reading
By Mali Friedman and Simon Frankel With all eyes on the Affordable Care Act today, the United States Supreme Court also quietly dismissed a case that could have had a profound impact on a wide range of citizens’ rights litigation—First American Financial Corp. v. Edwards. Stating only that the writ of certiorari had been “improvidently … Continue Reading
Employees whose personal information might have been accessed in a data breach cannot sue the breached company in federal court based only on the possibility that the breach might lead to identity theft, a federal appeals court ruled Monday. The case, Reilly v. Ceridian Corporation, is a proposed class action brought by employees whose companies … Continue Reading
Class action lawsuits are increasingly being brought against organizations that have suffered data breaches, as well as against companies that are alleged to have allowed third parties access to online or mobile users’ confidential information without authorization (for example the recent Del Vecchio v. Amazon and Low v. LinkedIn cases). A repeated issue in these … Continue Reading
by David Fagan and Alex Berengaut On November 10, 2011, Judge Liam O’Grady of the United States District Court for the Eastern District of Virginia issued a 60-page memorandum opinion in a dispute over the validity of a special court order issued to Twitter for non-content records for certain users connected to the government’s Wikileaks … Continue Reading
Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend. In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as … Continue Reading
In a recent order, Judge Henderson of the District Court for the Northern District of California denied NebuAd Inc.’s motion to dismiss in Valentine v. NebuAd Inc., No. C08-05113 TEH, finding that plaintiffs had sufficient statutory standing to assert claims under the California Invasion of Privacy Act (“CIPA”) and the California Computer Crime Law (“CCCL”) … Continue Reading
By Eric Bosset Judge Phyllis Hamilton of the U.S. District Court for the Northern District of California recently permitted a lawsuit arising out of a major data security breach suffered by social-media application developer RockYou to survive a motion to dismiss in part, based on the theory that plaintiff had stated a “generalized injury” sufficient to maintain Article III standing—at least at the … Continue Reading
As we’ve described in this recent article, the past year has witnessed a surge in privacy litigation that shows no signs of easing. Many of these suits involve allegations that defendants have used Flash local shared objects (“Flash cookies”) for the purpose of tracking Internet users’ browsing activity. Flash cookies differ from traditional browser cookies in that … Continue Reading