Courts across the country continue to grapple with thorny questions surrounding the legal implications of cyber-attacks.  Recently, a federal court in California considered whether a plaintiff could assert a claim against a company when a cyber-criminal acquired his personal information from the company and then used that information to steal his cryptocurrency.  The district court

Last week, a federal court in Illinois dismissed a putative class action complaint alleging violations of the Illinois Biometric Information Privacy Act (“BIPA”) because the complaint engaged in “impermissible group pleading.” The ruling serves as a reminder that a complaint that fails to plead specific facts as to each defendant does not meet the Rule 8 pleading

The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions. Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.

A financial institution and its vendor recently reached a $50 million settlement in a class action lawsuit for violating the call recording provision of the California Invasion of Privacy Act (“CIPA”).  The settlement is nearly three times the size of the largest previous settlement under CIPA, which provides for damages of $5,000 per violation.

The

An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.). The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information. Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for photographs. The court rejected these grounds and declined to dismiss the BIPA claims.

A magistrate judge in the Western District of New York recently recommended dismissing the putative class action Tassmer et al. v. Professional Business Systems, concluding that any risk of identity theft or other injury was too “speculative” to show standing. The recommendation is in line with numerous other federal circuit and district courts that similarly require plaintiffs in data breach cases to show concrete harm, not merely a risk of future harm. This recommendation, if adopted, will be another helpful precedent for companies facing class action lawsuits as a result of a data breach or cyber hack.

A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.).  The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings.  The court disagreed, and dismissed these two claims without leave to amend.  

On Thursday, the Illinois Supreme Court unanimously ruled in McDonald v. Symphony Bronzeville Park LLC that the exclusivity provisions of the state’s workers’ compensation statute do not preclude liquidated damages claims under the Biometric Information Privacy Act.  The decision narrows the defenses available to employers facing employment-related BIPA claims.

In a case closely watched by companies that operate in the UK, and one that had the potential to dramatically expand the UK’s representative action regime, the UK Supreme Court instead dismissed a representative privacy action against Google brought on behalf of 4 million iPhone users. The Court held that the claimant could not show that he