Press "Enter" to skip to content

Posts published in “IT & Data Protection”

2019: A Watershed Year for Consumer Financial Services Law

It has been an extraordinary 365 days for consumer financial services law. I cannot recall a year where so many states introduced legislation or proposed regulations or rules impacting the credit industry. At the federal level, proposed rules for the Fair Debt Collection Practices Act were (finally) released and California also proposed regulations under the California Consumer Privacy Act.

The 2019 Privacy Legislation Bomb Cyclone

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and introduced privacy concepts that were new to some U.S. businesses.  Fortunately, the GDPR was developed over a period of time that allowed for thoughtful deliberation and careful drafting. The California Consumer Privacy Act (CCPA), on the other hand, was speedily enacted under the threat of a ballot initiative.

3rd Cir. Vacates Cy Pres Class Settlement Citing Trial Court’s Failure to Scrutinize Scope of Release

The U.S. Court of Appeals for the Third Circuit recently vacated an order approving the settlement of a class action certified under Rule 23(b)(2), where the only benefit to the class was the defendant’s payment of a cy pres award to organizations that promoted data…

9th Cir. Holds Violation of Facial Recognition Law Sufficient for Standing, Upholds Class Cert.

The U.S. Court of Appeals for the Ninth Circuit recently held that class plaintiffs alleged a concrete and particularized harm sufficient to confer Article III standing where the defendant company’s alleged collection, use, and storage of the plaintiffs’ biometric information was the substantive harm targeted…

7th Cir. Holds Plaintiff Lacked Standing in ADA ‘Website Accessibility’ Case Against Credit Union

The U.S. Court of Appeals for the Seventh Circuit recently held that a blind plaintiff lacked standing to sue under the Americans with Disabilities Act (ADA) for alleged accessibility problems with a credit union’s website because he could not establish an injury in fact as…

Texas Enacts Amendments to Data Breach Notification Law; Creates Privacy Protection Advisory Council

On June 14, Texas Gov. Greg Abbott signed into law House Bill 4390 which amends the notification requirements of Texas’ data breach law and creates an advisory council to study data privacy laws generally.  The provisions become effective Jan. 1, 2020. Currently, a person conducting…

8th Cir. Rejects Alleged Data Breach Victim’s UDAP, UDTPA, Common Law, and Other Claims

The U.S. Court of Appeals for the Eighth Circuit recently upheld the dismissal of an alleged data breach victim’s allegations under the Illinois Consumer Fraud and Deceptive Business Practices Act, the Illinois Personal Information Protection Act, and the Illinois Uniform Deceptive Trade Practices Act, as…

9th Cir. Holds ‘Unlawful Information Collection and Sharing’ Class Action Improperly Removed Under CAFA

In a 2-1 decision, the U.S. Court of Appeals for the Ninth Circuit held that a putative class action against state entities and a private contractor for allegedly collecting and sharing personal data without authorization was essentially a local controversy and was therefore correctly remanded…