Archive for IT & Data Protection

11th Cir. Reverses Limited Atty Fee Award Where Plaintiff Had No Actual Damages But Proved Statutory Violation

The U.S. Court of Appeals for the Eleventh Circuit recently affirmed a trial court’s award of $2,500 in statutory damages to a plaintiff whose private information was improperly viewed by a sheriff’s deputy who had a romantic relationship with the plaintiff’s ex-husband in violation of the federal Driver’s Privacy Protection Act (DPPA), holding that the

Read more →

8th Cir. Affirms Dismissal of Data Breach Class Action, But Not for Lack of Standing

The U.S. Court of Appeals for the Eighth Circuit recently affirmed the dismissal of a putative class action complaint alleging various causes of action relating to the cybertheft of personally identifiable information, based in part on the plaintiffs failure to adequately allege any damages caused by the data breach or how the defendant breached the

Read more →

SD Fla. Holds Website That ‘Operates as Gateway to Physical Locations’ Is Subject to ADA

The U.S. District Court for the Southern District of Florida recently held, after a non-jury trial, that a regional supermarket chain violated the federal Americans with Disabilities Act (ADA) because its website was inaccessible to the visually impaired. A copy of the Verdict and Order in Gil v. Winn-Dixie Stores, Inc. is available at:  Link to

Read more →

2nd Cir. Upholds Dismissal of Data Breach Action for Lack of Standing, Distinguishes 7th Cir. Rulings

The U.S. Court of Appeals for the Second Circuit recently affirmed the dismissal of a “data breach” lawsuit against a retailer, holding that the plaintiff lacked standing for failure to allege a cognizable injury. A copy of the opinion in Whalen v. Michaels Stores, Inc. is available at:  Link to Opinion. The plaintiff made credit

Read more →

CD Calif. Cites Lack of Clear Regulatory Guidance in Dismissing ADA Claims Relating to Website Accommodations for Visually-Impaired

The U.S. District Court for the Central District of California recently dismissed a claim brought under the federal Americans with Disabilities Act (ADA) brought by a visually-impaired plaintiff who alleged that the defendant pizza company’s website did not permit users to complete their purchases using a screen-reading software program.  The plaintiff also alleged that the

Read more →

8th Cir. Reverses Data Breach Class Settlement, Holds Appellate Bond Not to Include Delay-Based Administrative Costs

In a data breach putative class action, the U.S. Court of Appeals for the Eighth Circuit recently held that the trial court had not conducted the required “rigorous analysis” of Federal Rule of Civil Procedure 23(a)’s class certification prerequisites when certifying the settlement class or when evaluating arguments raised by class objectors. Additionally, the Eighth

Read more →

7th Cir. Upholds Dismissal of Unlawful Data Retention Claim Under Spokeo

The U.S. Court of Appeals for the Seventh Circuit recently held that although a consumer’s suit against a cable service provider for failing to destroy his personal information was a substantive violation of the federal Cable Communications Policy Act, it failed to allege a concrete injury sufficient to confer standing. A copy of the opinion

Read more →

6th Cir. Reverses Dismissal of Data Breach Consolidated Class Actions

In an unpublished ruling, the U.S. Court of Appeals for the Sixth Circuit recently reversed the dismissal of consolidated class actions arising from a data breach, holding that the plaintiffs had Article III standing to pursue certain tort claims and that the district court had erred in dismissing a federal Fair Credit Reporting Act claim

Read more →

8th Cir. Holds Cybertheft Covered by Financial Institution Bond Applying ‘Concurrent Causation’ Doctrine

The U.S. Court of Appeals for the Eighth Circuit recently held that a bank was entitled to recover its cybertheft losses under its financial institution bond, despite its employee’s violation of the bank’s internal policies and procedures, and despite the bank’s failure to update its antivirus software, holding that Minnesota’s “concurrent causation” doctrine applies to

Read more →

7th Cir. Holds Data Breach Plaintiffs Alleged Enough for Article III Standing, but Ruling May Not Hold Up Under Spokeo

Reversing the trial court’s ruling dismissing the action for lack of standing, the U.S. Court of Appeals for the Seventh Circuit recently held that the increased risk of fraudulent credit or debit card charges and possible identity theft due to a data breach that already occurred was “certainly impending future harm” and was sufficient for

Read more →

FTC’s Big Data Report Provides Recommendations, Raises Compliance Issues

The Federal Trade Commission has released a report examining the benefits, potential risks, and legality of the use of big data in business. Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues focuses on how big data is used after it is collected and how that information could result in discrimination against consumers.

Read more →

Congress Adds New Exception to GLBA Annual Privacy Act Notices

Section 75001 of the recently enacted Fixing America’s Surface Transportation (FAST) Act provides a new exception to the annual privacy notice requirement under the Gramm-Leach-Bliley Act (GLBA). The language of the provision is as follows: SEC. 75001. EXCEPTION TO ANNUAL PRIVACY NOTICE REQUIREMENT UNDER THE GRAMM-LEACH-BLILEY ACT. Section 503 of the Gramm-Leach-Bliley Act (15 U.S.C.

Read more →