The U.S. Court of Appeals for the Eighth Circuit recently upheld the dismissal of an alleged data breach victim’s allegations under the Illinois Consumer Fraud and Deceptive Business Practices Act, the Illinois Personal Information Protection Act, and the Illinois Uniform Deceptive Trade Practices Act, as well as various common law claims. A copy of the opinion in Melissa Alleruzzo v. SuperValu, Inc. is available at: Link to Opinion. In June and July 2014, hundreds of retail grocery stores operated by three different entities (“grocers”) were hacked, resulting in the theft of customers’ card information, including their names, credit or debit card account…
Posts tagged as “Data Protection”
On June 28, California passed into law the California Consumer Privacy Act of 2018, which becomes operative on Jan. 1, 2020. As with the EU’s General Data Protection Regulation, the Privacy Act gives consumers greater control over the use and sharing of their personal information. The Privacy Act allows a consumer to request that a business disclose: the categories and specific pieces of personal information that it collects about the consumer; the categories of sources from which that information is collected; the business purposes for collecting or selling the information; the categories of third parties with which the information is…
In a data breach putative class action brought by financial institutions against a retail grocery store chain, the U.S. Court of Appeals for the Seventh Circuit recently held that the economic loss doctrine prevented recovery of economic losses in tort cases. Although the financial institutions had no direct contractual relationship with the retail grocery store chain, the Seventh Circuit noted that the banks and the merchant all participated in a network of contracts that tied together all the participants in the card payment system. In so ruling, the Seventh Circuit joined the Third and First Circuits in rejecting negligence theory…
In a data breach putative class action, the U.S. Court of Appeals for the Ninth Circuit recently held that the plaintiffs sufficiently alleged Article III standing based on an alleged “increased risk of future identity theft.” In so ruling, the Ninth Circuit rejected the defendant’s argument that Clapper v. Amnesty International USA, 568 U.S. 398 (2013), in which the Supreme Court of the United States held “an objectively reasonable likelihood” of injury was insufficient to confer standing, required dismissal. A copy of the opinion in In re Zappos.com is available at: Link to Opinion. In January 2012, hackers breached the servers of…
The U.S. Court of Appeals for the Eighth Circuit recently affirmed the dismissal of a putative class action complaint alleging various causes of action relating to the cybertheft of personally identifiable information, based in part on the plaintiffs failure to adequately allege any damages caused by the data breach or how the defendant breached the terms of its agreement . A copy of the opinion in Kuhns v. Scottrade, Inc. is available at: Link to Opinion. The defendant securities brokerage firm suffered an attack by hackers in which the hackers successfully accessed the firm’s customer database extracting personally identifiable information…
The U.S. District Court for the Southern District of Florida recently held, after a non-jury trial, that a regional supermarket chain violated the federal Americans with Disabilities Act (ADA) because its website was inaccessible to the visually impaired. A copy of the Verdict and Order in Gil v. Winn-Dixie Stores, Inc. is available at: Link to Opinion. The plaintiff, a legally-blind customer of the supermarket who also suffers from cerebral palsy, sued under the ADA, 42 U.S.C. §§ 12181-12189, alleging that its website was not accessible, seeking declaratory and injunctive relief and attorney’s fees and costs. The parties did not dispute…
The U.S. District Court for the Central District of California recently dismissed a claim brought under the federal Americans with Disabilities Act (ADA) brought by a visually-impaired plaintiff who alleged that the defendant pizza company’s website did not permit users to complete their purchases using a screen-reading software program. The plaintiff also alleged that the company’s mobile app did not allow him to access the menu on his iPhone using a particular software. In dismissing the action without prejudice, the Court concluded that there were no regulations clarifying what web accessibility accommodations are required under the ADA. Thus, the Court…
In a data breach putative class action, the U.S. Court of Appeals for the Eighth Circuit recently held that the trial court had not conducted the required “rigorous analysis” of Federal Rule of Civil Procedure 23(a)’s class certification prerequisites when certifying the settlement class or when evaluating arguments raised by class objectors. Additionally, the Eighth Circuit also reversed the trial court’s ruling on the amount of the appeal bond, holding that an appellate bond should not include costs associated with delays in administering a class action settlement while the matter was on appeal. A copy of the opinion in Jim…
Reversing the trial court’s ruling dismissing the action for lack of standing, the U.S. Court of Appeals for the Seventh Circuit recently held that the increased risk of fraudulent credit or debit card charges and possible identity theft due to a data breach that already occurred was “certainly impending future harm” and was sufficient for Article III standing. In addition, the Court also held that time and money the plaintiffs allegedly spent resolving fraudulent charges and possible identity theft also were sufficient injuries for Article III standing. However, this opinion was issued prior to the Supreme Court of the United…
The Federal Trade Commission has released a report examining the benefits, potential risks, and legality of the use of big data in business. Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues focuses on how big data is used after it is collected and how that information could result in discrimination against consumers. The primary goal of the report is to provide businesses with important information on the relevant laws to big data analytics, as well as guidelines on how to use big data effectively while remaining compliant and non-discriminatory, according to the FTC. “Big data’s role is…
Section 75001 of the recently enacted Fixing America’s Surface Transportation (FAST) Act provides a new exception to the annual privacy notice requirement under the Gramm-Leach-Bliley Act (GLBA). The language of the provision is as follows: SEC. 75001. EXCEPTION TO ANNUAL PRIVACY NOTICE REQUIREMENT UNDER THE GRAMM-LEACH-BLILEY ACT. Section 503 of the Gramm-Leach-Bliley Act (15 U.S.C. 6803) is amended by adding at the end the following: (f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that— (1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and…