The year 2020 offers to be an interesting one for bankruptcy litigation. With several issues before the Supreme Court, at least one will have a material effect on financial services. In addition, higher credit costs will spur an increase in the number of bankruptcy filings, both on the consumer and commercial side. With the California Consumer Privacy Act taking effect on Jan. 1, it will not be long before we see issues arising from it percolating into bankruptcy cases.
Posts published in “Data Privacy and Security”
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and introduced privacy concepts that were new to some U.S. businesses. Fortunately, the GDPR was developed over a period of time that allowed for thoughtful deliberation and careful drafting. The California Consumer Privacy Act (CCPA), on the other hand, was speedily enacted under the threat of a ballot initiative.
The federal banking regulators and the CFPB recently issued an “Interagency Statement on the Use of Alternative Data in Credit Underwriting,” stating in sum that the agencies “encourage responsible use” of alternative data, especially in the context of credit underwriting.
The U.S. Court of Appeals for the Third Circuit recently vacated an order approving the settlement of a class action certified under Rule 23(b)(2), where the only benefit to the class was the defendant’s payment of a cy pres award to organizations that promoted data privacy. In so ruling, the Third Circuit held that the trial court did not adequately scrutinize the settlement agreement’s broad release of claims for money damages, and the parties’ designation of cy pres recipients, as required by Rule 23(e). A copy of the opinion in In re Google Inc. Cookie Placement Consumer Privacy Litigation is…
The U.S. Court of Appeals for the Ninth Circuit recently held that class plaintiffs alleged a concrete and particularized harm sufficient to confer Article III standing where the defendant company’s alleged collection, use, and storage of the plaintiffs’ biometric information was the substantive harm targeted by the Illinois Biometric Information Privacy Act (BIPA), which statute protects the plaintiffs’ concrete privacy interests. The Ninth Circuit further held that the district court did not abuse its discretion in certifying the class. Accordingly, the Ninth Circuit affirmed the district court orders certifying the class, and denying the defendant’s motion to dismiss. A copy…
In a class action arising from a data breach at a retailer that resulted in the theft of millions of consumers’ credit card information, the U.S Court of Appeals for the Eleventh Circuit recently held that the fee arrangement included as part of the settlement was a fee-shifting contract and the constructive common fund doctrine did not apply, reversing as an abuse of discretion the trial court’s use of a fee multiplier in a fee-shifting case. A copy of the opinion in Northeastern Engineers Federal Credit Union, et al. v. Home Depot, Inc., et al. is available at: Link to Opinion.…
The U.S. Court of Appeals for the Seventh Circuit recently held that a blind plaintiff lacked standing to sue under the Americans with Disabilities Act (ADA) for alleged accessibility problems with a credit union’s website because he could not establish an injury in fact as a non-member. A copy of the opinion in Carello v. Aurora Policemen Credit Union is available at: Link to Opinion. The plaintiff, who is blind, sued a credit union, alleging that the credit union’s website violated his rights under the ADA because it was not accessible to blind people. Specifically, the plaintiff claimed that the credit…
On June 25, the Illinois Legislature sent Senate Bill 1624 to Gov. J. B. Pritzker. The legislation adds a requirement to Illinois’ data breach notification law to notify the attorney general in the event of certain data breaches. The bill will become law if not returned by the governor by Aug. 24, 2019. The legislation would amend the Personal Information Protection Act, 815 ILCS 530/10, by requiring that any data collector who must inform more than 500 Illinois residents of a data breach also provide notice to the attorney general describing: the nature of the breach; the number of affected residents;…
Texas Enacts Amendments to Data Breach Notification Law; Creates Privacy Protection Advisory Council
Texas Enacts Amendments to Data Breach Notification Law; Creates Privacy Protection Advisory Council
On June 14, Texas Gov. Greg Abbott signed into law House Bill 4390 which amends the notification requirements of Texas’ data breach law and creates an advisory council to study data privacy laws generally. The provisions become effective Jan. 1, 2020. Currently, a person conducting business in Texas who “owns or licenses computerized data that includes sensitive data” must disclose the breach to any affected individual “as quickly as possible.” Tex. Bus. & Com. Code § 521.053(b). The amendments will require the disclosure “be made without unreasonable delay and in each case not later than the 60th day after the…
The U.S. Court of Appeals for the Eighth Circuit recently upheld the dismissal of an alleged data breach victim’s allegations under the Illinois Consumer Fraud and Deceptive Business Practices Act, the Illinois Personal Information Protection Act, and the Illinois Uniform Deceptive Trade Practices Act, as well as various common law claims. A copy of the opinion in Melissa Alleruzzo v. SuperValu, Inc. is available at: Link to Opinion. In June and July 2014, hundreds of retail grocery stores operated by three different entities (“grocers”) were hacked, resulting in the theft of customers’ card information, including their names, credit or debit card account…
The Supreme Court of the United States recently vacated the U.S. Court of Appeals for the Ninth Circuit’s approval of a class action settlement against a prominent technology company claiming violations of the Stored Communications Act. In so doing, the Supreme Court concluded that significant questions regarding the class plaintiffs’ Article III standing had not yet been adequately considered by the lower courts following its ruling in Spokeo v. Robins, 578 U.S. ___ , and remanded for consideration of whether any of the named plaintiffs has alleged SCA violations that are sufficiently concrete and particularized to support standing in federal…
In a 2-1 decision, the U.S. Court of Appeals for the Ninth Circuit held that a putative class action against state entities and a private contractor for allegedly collecting and sharing personal data without authorization was essentially a local controversy and was therefore correctly remanded to state court under an exception in the federal Class Action Fairness Act (CAFA). Accordingly, the Ninth Circuit affirmed the ruling of the trial court remanding the matter to state court. A copy of the opinion in Kendrick v. Conduent State and Local Sols. is available at: Link to Opinion. The plaintiffs sought to maintain an action in…