In what appears to be an emerging privacy litigation trend, plaintiffs’ attorneys have recently filed a series of putative class action lawsuits targeting data companies in possession of cellular telephone numbers. The...more
7/8/2025
/ Class Action ,
Colorado ,
Consent ,
Consumer Protection Laws ,
Corporate Counsel ,
Data Brokers ,
Data Privacy ,
Fraud ,
Litigation Strategies ,
Privacy Laws ,
Putative Class Actions ,
State Privacy Laws ,
Telecommunications ,
Telemarketing
The new Department of Justice (DOJ) Data Security Program (DSP) took effect on April 8....more
4/17/2025
/ Corporate Counsel ,
Covered Person ,
Cybersecurity ,
Data Brokers ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Due Diligence ,
New Guidance ,
Penalties ,
Risk Management
2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers, and the ecosystem of commercial data, and the continued proliferation of comprehensive United...more
2/13/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
Using AI in HR - Hire or Hover? Hiring executives are asking if the compliance costs and discrimination risks outweigh the anticipated benefits of using artificial intelligence (AI) tools for hiring and employment-related...more
9/18/2024
/ Algorithms ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Civil Rights Act ,
Corporate Counsel ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Employment Discrimination ,
Hiring & Firing ,
Human Resources Professionals ,
Machine Learning ,
Title VII
Following several years of investigating the common practices in the space, the Federal Trade Commission (FTC) reached its first settlement with a data broker over the alleged collection and sale of location information that...more
1/18/2024
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Collection ,
Data Sellers ,
Data Selling ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Geolocation ,
Location Data ,
Personal Data ,
Request For Information ,
Settlement
Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
Recently, the Ninth Circuit joined its sister circuit, the Eleventh, in vacating class settlements on standing grounds. In Harvey v. Morgan Stanley Smith Barney LLC, the court vacated the district court’s approval of the...more
On May 9, Clearview AI (Clearview) and the American Civil Liberties Union (ACLU) reached a settlement whereby Clearview agreed to a nationwide injunction blocking many private entities, and some public entities, from...more
Introduction -
On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial. This is the second recent settlement under...more
Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for...more
On May 3, Judge Grimm of the U.S. District Court for the District of Maryland issued a class certification decision in a consumer data breach multidistrict litigation case against an international hotel and resort management...more
Introduction: Biometric Laws in 2022 -
In the first quarter of 2022 alone, no fewer than seven states have introduced biometric laws — California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York — generally...more
On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional...more
On October 5, the Delaware Court of Chancery issued a decision in Firemen’s Retirement System of St. Louis v. Sorenson, et al., C.A. No. 2019-0965-LWW, dismissing breach of fiduciary duty claims brought against various...more
Despite overlap of alleged putative nationwide class definitions, the Judicial Panel on Multidistrict Litigation (JPML) denied Geico’s attempt to consolidate five class-action lawsuits arising from a data breach notification...more
Entities sued for a data breach – even one that is consolidated into a multidistrict litigation proceeding in the defendant’s home state – should not forget the personal jurisdiction defense, which can provide a powerful tool...more
The Central District of California recently dismissed a data breach class action for lack of standing, notwithstanding evidence that the stolen data of 40 million consumers had allegedly been offered for sale on the dark web....more
On July 7, Governor Jared Polis signed Colorado's comprehensive data privacy bill (SB 21-190) into law. The Colorado Privacy Act (CPA) will go into effect on January 1, 2023, making Colorado the third state to enact a...more
A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich.,...more
Last Thursday, the Eleventh Circuit affirmed a district court’s dismissal for lack of standing in a data incident case. The majority opinion, written by Senior Judge Gerald Bard Tjoflat and joined by Judge Adalberto Jordan...more
Last week, Judge Sue Myerscough declined to certify a class of employees whose personal information was disclosed when Driveline Retail Merchandising fell prey to a phishing scam. While nearly 16,000 employees were allegedly...more
Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to...more
1/8/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
NIST ,
Personal Information ,
PHI ,
Popular ,
Privacy Laws
On Tuesday, September 15, New York Attorney General Letitia James announced a settlement with Dunkin’ Brands Inc. regarding a lawsuit in New York state court titled The People of The State of New York et al. v. Dunkin’ Brands...more
The California Consumer Privacy Act of 2018 (CCPA) went into effect January 1, 2020. While the CCPA was amended in October of 2019 to exempt certain employment and personal information involved in business-to-business (B2B)...more
9/2/2020
/ B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
Exemptions ,
Policies and Procedures ,
Privacy Policy ,
Public Information