The U.S. District Court for the Southern District of California recently dismissed a consumer’s putative class action lawsuit against a mortgage lending and servicing company for purported damages sustained as a result of a security breach wherein his personal information was compromised, and the hackers attempted to open credit cards in his name. Although the Court previously concluded that the consumer had standing to bring his claims under Article III of the Constitution, it held that the consumer failed to state causes of action for negligence and violations of various California laws. A copy of the opinion in Razuki v.…
Posts published in “Data Privacy and Security”
The U.S. Court of Appeals for the Fourth Circuit recently vacated a judgment of dismissal in consolidated class actions arising from a data breach of personal information, holding that the plaintiffs had standing to sue because fraudulent credit cards were actually opened in the victims’ names. In so ruling, the Court distinguished its 2017 ruling in Beck v. McDonald, which held “a mere compromise of personal information, without more, fails to satisfy the injury-in-fact element in the absence of an identity theft.” A copy of the opinion in Rhonda Hutton v. National Board of Examiners is available at: Link to…
On June 28, California passed into law the California Consumer Privacy Act of 2018, which becomes operative on Jan. 1, 2020. As with the EU’s General Data Protection Regulation, the Privacy Act gives consumers greater control over the use and sharing of their personal information. The Privacy Act allows a consumer to request that a business disclose: the categories and specific pieces of personal information that it collects about the consumer; the categories of sources from which that information is collected; the business purposes for collecting or selling the information; the categories of third parties with which the information is…
The U.S. Court of Appeals for the Third Circuit recently reversed the dismissal of a consumer’s complaint for unauthorized use of his credit card, holding that he stated claims for relief under the federal Fair Credit Billing Act’s correction of billing errors provisions, and the federal Truth in Lending Act’s unauthorized-use provisions. In so ruling, the Court held that: When “a creditor removes a disputed charge from a billing statement and later reinstates that charge, the 60-day period in which a consumer must file a written dispute begins when the consumer receives the first statement reinstating the charge.” “A cardholder…
In a data breach putative class action brought by financial institutions against a retail grocery store chain, the U.S. Court of Appeals for the Seventh Circuit recently held that the economic loss doctrine prevented recovery of economic losses in tort cases. Although the financial institutions had no direct contractual relationship with the retail grocery store chain, the Seventh Circuit noted that the banks and the merchant all participated in a network of contracts that tied together all the participants in the card payment system. In so ruling, the Seventh Circuit joined the Third and First Circuits in rejecting negligence theory…
In a data breach putative class action, the U.S. Court of Appeals for the Ninth Circuit recently held that the plaintiffs sufficiently alleged Article III standing based on an alleged “increased risk of future identity theft.” In so ruling, the Ninth Circuit rejected the defendant’s argument that Clapper v. Amnesty International USA, 568 U.S. 398 (2013), in which the Supreme Court of the United States held “an objectively reasonable likelihood” of injury was insufficient to confer standing, required dismissal. A copy of the opinion in In re Zappos.com is available at: Link to Opinion. In January 2012, hackers breached the servers of…
The California Court of Appeal, Fourth District, recently reversed summary judgment awarded in favor of the defendant based on violations of the California Invasion of Privacy Act, which prohibits the recording of confidential communications without the knowledge or consent of the other party, and the intentional recording of communications using a cellular or cordless telephone. In so ruling, the Appellate Court held that the defendant could not establish that it lacked the requisite intent to violate the Privacy Act, because the defendant’s full-time “always on” recording system recorded all calls on the company phones regardless of whether the calls were…
The U.S. Court of Appeals for the Eleventh Circuit recently affirmed a trial court’s award of $2,500 in statutory damages to a plaintiff whose private information was improperly viewed by a sheriff’s deputy who had a romantic relationship with the plaintiff’s ex-husband in violation of the federal Driver’s Privacy Protection Act (DPPA), holding that the statute did not provide for cumulative damages of $2,500 per violation. In so ruling, the Court reversed the trial court’s award of only 10 percent of the amount of attorney’s fees requested by the plaintiff’s counsel. The trial court limited the attorney fee award because…
The U.S. Court of Appeals for the Eighth Circuit recently affirmed the dismissal of a putative class action complaint alleging various causes of action relating to the cybertheft of personally identifiable information, based in part on the plaintiffs failure to adequately allege any damages caused by the data breach or how the defendant breached the terms of its agreement . A copy of the opinion in Kuhns v. Scottrade, Inc. is available at: Link to Opinion. The defendant securities brokerage firm suffered an attack by hackers in which the hackers successfully accessed the firm’s customer database extracting personally identifiable information…
The U.S. District Court for the Southern District of Florida recently held, after a non-jury trial, that a regional supermarket chain violated the federal Americans with Disabilities Act (ADA) because its website was inaccessible to the visually impaired. A copy of the Verdict and Order in Gil v. Winn-Dixie Stores, Inc. is available at: Link to Opinion. The plaintiff, a legally-blind customer of the supermarket who also suffers from cerebral palsy, sued under the ADA, 42 U.S.C. §§ 12181-12189, alleging that its website was not accessible, seeking declaratory and injunctive relief and attorney’s fees and costs. The parties did not dispute…
The U.S. Court of Appeals for the Second Circuit recently affirmed the dismissal of a “data breach” lawsuit against a retailer, holding that the plaintiff lacked standing for failure to allege a cognizable injury. A copy of the opinion in Whalen v. Michaels Stores, Inc. is available at: Link to Opinion. The plaintiff made credit card purchases at a retail store and, two weeks later, her credit card information was fraudulently presented to make purchases in a foreign country. The plaintiff immediately cancelled her credit card and the fraudulent charges were not incurred on the card, nor was she liable for…
The U.S. District Court for the Central District of California recently dismissed a claim brought under the federal Americans with Disabilities Act (ADA) brought by a visually-impaired plaintiff who alleged that the defendant pizza company’s website did not permit users to complete their purchases using a screen-reading software program. The plaintiff also alleged that the company’s mobile app did not allow him to access the menu on his iPhone using a particular software. In dismissing the action without prejudice, the Court concluded that there were no regulations clarifying what web accessibility accommodations are required under the ADA. Thus, the Court…