Tag Archives: Litigation

Third Circuit Holds Data Breach Plaintiffs Lack Standing

On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that employees of Ceridian Corporation’s (“Ceridian’s”) customers did not have standing to sue Ceridian after the payroll processing firm suffered a data breach.

In December 2009, a hacker may have gained access to personal and financial information of Ceridian’s customers, including names, addresses, Social Security numbers, dates of birth and bank account information. Although it is not known if the hacker read, copied or understood the data, Ceridian sent notification letters to affected individuals informing them of the breach and offering to provide one year of complimentary credit monitoring and identity theft protection.


Court Dismisses Facebook “Friend Finder” Lawsuit

On October 27, 2011, the United States District Court for the Northern District of California dismissed claims that Facebook misappropriated users’ names and likenesses in promoting its “Friend Finder” feature. Friend Finder identifies potential “friends” for a Facebook user by matching his or her email contacts with users already registered with Facebook, then presenting the user with friend suggestions. Facebook promoted the feature by displaying the names and profile photos of current friends as examples of users who had found friends with Friend Finder.


SEC Issues Disclosure Guidance on Cybersecurity Matters and Cyber Incidents

On October 13, 2011, the Securities and Exchange Commission Division of Corporation Finance issued disclosure guidance (“Guidance”) regarding cybersecurity matters and cyber incidents. While the Guidance does not change existing disclosure requirements, it does add specificity to existing requirements. In some respects, that specificity is helpful, but the Guidance fails to take into account the uncertainty that inevitably accompanies efforts to assess and disclose cybersecurity matters and incidents.

Read a detailed summary of the Guidance and analysis regarding its effects, including its impact on disclosures both before and after a cyber incident, enforcement-related proceedings and potential litigation.


New Jersey Courts Issue Conflicting Rulings in ZIP Code Collection Cases

Last month, two New Jersey judges issued opposing decisions in class action lawsuits regarding merchants’ point-of-sale ZIP code collection practices. The conflicting orders leave unanswered the question of whether New Jersey retailers are prohibited from requiring and recording customers’ ZIP codes at the point of sale during credit card transactions.


Seventh Circuit Finds in Favor of Resellers in DPPA Suit

On September 28, 2011, a federal court in Illinois held that West Publishing Company (“West”) had not violated the Driver’s Privacy Protection Act (“DPPA”) by reselling driver’s license information obtained from state DMVs.  The court held that (1) the DPPA creates a federal private right of action permitting individuals like the plaintiffs to bring their class action suit, but (2) the lower court’s dismissal for failure to state a claim was proper.


How the Supreme Court’s Decision in Sorrell v. IMS Health May Affect Forthcoming “Do Not Track” Legislation

Following the U.S. Supreme Court’s ruling in Sorrell v. IMS Health, Thomas Julin, partner at Hunton & Williams LLP who represented IMS Health in the case, closely studied the Court’s decision to assess its implications, including with respect to other forthcoming legislation.  In an interview with Marty Abrams, President of the Centre for Information Policy Leadership, during the Centre’s First Friday Call on September 9, 2011, Julin discussed the close parallels between the law invalidated in Sorrell v. IMS Health and proposed federal regulation of behavioral advertising such as the “Do-Not-Track Online Act of 2011,” which was introduced by Senator Jay Rockefeller (D-WV) in May 2011.

Listen to the full audio recording of Thomas Julin discussing his views on the implications of Sorrell v. IMS.

Read Julin’s article on this topic published by BNA’s Privacy and Security Law Report.


Online Tracking Practices Face Increasing Scrutiny

Over the past several weeks, online tracking practices involving the use of Flash cookies and ETags have been the subject of new research studies, class action lawsuits and significant media attention.


Next Jump Agrees to Stop Using Borders Customer List and Trademarks

On September 6, 2011, a bankruptcy court approved an agreement between bankrupt bookseller Borders Group, Inc. (“Borders”) and Next Jump, Inc. (“Next Jump”) regarding Next Jump’s alleged trademark infringement and unauthorized use of Borders’ customer information. Next Jump stipulated that it will not communicate with persons on Borders’ customer list, and that it will remove the Borders name and marks from websites that Next Jump owns or operates.


EEOC Letter Suggests Employers May Need to Increase Privacy Safeguards for Employee Medical Information

As reported in the Hunton Employment & Labor Perspectives Blog:

The EEOC recently released an informal discussion letter suggesting that employers may be obligated to do more than just maintain a separate file for employee medical records, especially when those records are in an electronic format. Both the Americans with Disabilities Act of 1990 (“ADA”), as amended, and the Genetic Information Non-Discrimination Act of 2008 (“GINA”) require employers to maintain a confidential medical record, which is separate from the employee’s other personnel file(s), for information about the employee’s medical conditions, medical history or “genetic information.” The statutes do not, however, specify how such records are to be maintained or what level of security must be in place to protect the confidentiality of medical or genetic information.


Class Action Suit Filed Against Cloud Service over Data Breach

A putative class action complaint filed on June 22, 2011, in the United States District Court for the Northern District of California alleges that the popular cloud-based storage provider Dropbox, Inc. failed to secure users’ private data or to notify the vast majority of them about a data breach. According to the complaint, Dropbox announced in a blog post on its website that it had “introduced a bug” on June 19, 2011, which allowed users logged in to its system to log into other users’ accounts and access those users’ data stored on Dropbox. The complaint further claims that Dropbox did not notify most, if not all, of its 25 million users that their information had been compromised. The complaint defines the plaintiff class as all current or former Dropbox users as of June 19, 2011, whose accounts were breached.
