Photo of Kathryn Cahoy

Kate Cahoy uses her substantial class action experience to help clients develop strategic and innovative solutions to their most challenging litigation matters. She specializes in defending clients in complex, high-stakes class action disputes involving privacy, antitrust, and consumer protection claims and has achieved significant victories for clients in the technology, entertainment, consumer product, and financial services industries. In addition, Kate has substantial experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), and common law and constitutional rights of privacy, among others.

A California federal district court recently granted in part the dismissal of certain federal and state privacy claims, including a California Consumer Privacy Act (“CCPA”) claim, in Hayden v. The Retail Equation, Inc., No. 8:20-cv-01203 (C.D. Cal.).  Plaintiffs in Hayden alleged that twelve retailers unlawfully shared customer data with a computer software firm, The Retail Equation (“TRE”), which in turn created “customer risk scores” to identify potentially fraudulent customer returns.  This customer risk score was alleged to include information about the customers’ purchase histories, information gleaned from social media, as well as personal information, including name, government identification card or passport information, address, sex, race, and date of birth.  TRE and the retailers sought dismissal of: (1) the Fair Credit Reporting Act (“FCRA”) claim; (2) the CCPA claim; (3) the California invasion of privacy claim; (4) the Unfair Competition Law (“UCL”) claim; and (5) unjust enrichment claim.  The Court dismissed all but the invasion of privacy claim.

Continue Reading Court Grants in Part Dismissal of Certain Privacy Claims, Including CCPA Claim, Against The Retail Equation and Retailers

A recent class action refiled in federal court against Shopify highlights a growing trend  of lawsuits against companies related to the theft of cryptocurrency, particularly as a result of internal company threats.  See Forsberg et al v. Shopify, Inc. et al, 1:22-cv-00436 (D. Del.).  Despite not itself being a repository for or facilitating the sale of any cryptocurrency, the plaintiffs in the Shopify case allege that Shopify is liable for a theft of cryptocurrency after Shopify experienced a data breach caused by its own employees, which exposed a customer list for a cryptocurrency hardware wallet vendor, Ledger SAS.  As cryptocurrency storage and related transactions increasingly feature in companies’ online presence, there is likely to be a growing risk posed by threat actors motivated to target crypto-related assets and data, and more litigation activity in this space.

Continue Reading Companies Increasingly Facing Class Actions Connected to Cryptocurrency Theft

Courts across the country continue to grapple with thorny questions surrounding the legal implications of cyber-attacks.  Recently, a federal court in California considered whether a plaintiff could assert a claim against a company when a cyber-criminal acquired his personal information from the company and then used that information to steal his cryptocurrency.  The district court

Last week, a federal court in Illinois dismissed a putative class action complaint alleging violations of the Illinois Biometrics Information Privacy Act (“BIPA”) for engaging in “impermissible group pleading.”  The ruling serves as a reminder that a complaint that fails to plead specific facts as to each defendant does not meet the Rule 8 pleading

An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.).  The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information.  Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for  photographs.  The court rejected these grounds, and declined to dismiss the BIPA claims.

Continue Reading Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview in Pending Multidistrict Litigation

A magistrate judge in the Western District of New York recently recommended dismissing the putative class action Tassmer et al v. Professional Business Systems, concluding that any risk of identity theft or other injury was too “speculative” to show standing.  The recommendation is in line with numerous other federal circuit and district courts similarly requiring plaintiffs in data breach cases to show concrete harm, not merely a risk of future harm.  This recommendation, if adopted, will be another helpful precedent for companies facing class action lawsuits as a result of a data breach or cyber hack.

Continue Reading No Harm, No Foul: New York Federal Court Recommends Dismissing Sensitive Data Breach Class Action for Lack of Standing

A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.).  The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings.  The court disagreed, and dismissed these two claims without leave to amend.  

Continue Reading Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings