No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
In this post: (1) Website tracking litigation risk remains as SB 690 is designated “two-year bill”; (2) Second Circuit reinforces narrower interpretation of PII to “shut the door for Pixel-based VPPA claims”; (3) Courts...more
Courts across the country are becoming skeptical of data breach and web tracking claims that assert theoretical privacy violations without alleging any actual injury to the plaintiffs. Recent decisions underscore that courts...more
Data breaches have become a serious issue for businesses, leading to numerous putative class action lawsuits alleging that the defendants failed to prevent the unauthorized disclosure of personally identifiable information or...more
The Western District of Pennsylvania recently granted Spirit Airlines, Inc. (“Spirit Airlines”)’s Rule 12(b)(1) motion to dismiss a class action brought by a putative class of plaintiffs who visited Spirit Airlines’ website...more
Seyfarth Synopsis: As reported here, to mark the two-year anniversary of TransUnion LLC v. Ramirez (“TransUnion”), the Workplace Class Action blog is examining how each of the federal Circuit Courts have applied this...more
Courts and class action counsel have been considering what kinds of injuries can confer standing to pursue federal claims following the Supreme Court’s 2021 decision in TransUnion LLC v. Ramirez, which held that the...more
Data incident lawsuits, especially class actions, have the potential to create significant business disruption, loss of marketplace credibility, civil liability or regulatory exposure. Consequently, companies that experience...more
Takeaway: We have written a number of articles about standing issues arising in data breach class actions. See, e.g., Data breach class actions: Third Circuit sets out parameters for Article III injury-in-fact (Oct. 27,...more
Last week, New York federal judge Vincent L. Bricetti dismissed a data breach class action against Northeast Radiology PC (northeast) and Alliance HealthCare Services (Alliance) because the plaintiffs failed to allege a...more
Takeaway: Since the U.S. Supreme Court addressed the issue of standing based on allegations of possible future injury in Clapper v. Amnesty International USA, 568 U.S. 398 (2013), the courts of appeals have addressed this...more
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
On April 26, 2021, the Second Circuit Court of Appeals decided the case of McMorris v. Carlos Lopez & Assocs., No. 19-4310, 2021 WL 1603808 (2d Cir. Apr. 26, 2021) and addressed one of the most critical issues in private data...more
While more states push forward on new privacy legislation statutorily granting consumers the right to litigate control of their personal information, federal courts continue to ponder how data breach injury fits traditional...more
In early November, we wrote about a new Eleventh Circuit decision on Article III standing law which directly held that it was not enough to allege a statutory violation and instead there must be a concrete injury to sustain...more
After the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, a surge of class action lawsuits predicated on alleged CCPA violations hit businesses. Because of the act’s novelty, it was unclear whether...more
Takeaway: The Eleventh Circuit has yet to address whether a future risk of identity theft is sufficient to establish standing in a data breach case. In Muransky v. Godiva Chocolatier, Inc., 16-16486, 2020 WL 6305084, at *12...more
Takeaway: Data breach cases often turn on whether the threat of future identity theft suffices to establish Article III standing. In yet another data breach case, In re Brinker Data Incident Litig., 3:18-CV-686-J-32MCR,...more
Seyfarth Synopsis: Plaintiffs’ lawyers reached a landmark $550 million settlement in January 2020 in a lawsuit against Facebook by consumers in a class action brought under the Illinois Biometric Information Privacy Act (the...more
On January 21, 2020, the U.S. Supreme Court denied Facebook’s petition for a writ of certiorari to consider whether consumers alleged a sufficiently concrete injury-in-fact in a biometric privacy lawsuit. A group of...more
Seyfarth Synopsis: On January 29, 2020, Facebook announced that it had reached a settlement with plaintiffs in a class action brought under the Illinois Biometric Information Privacy Act (the “BIPA”) in the U.S. District...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
The rapid adoption of biometric technology—designed to measure unique human biological characteristics, like fingerprints, voiceprints, and hand or face scans—has led to a surge of consumer class actions alleging violations...more
The Ninth Circuit has issued its much-anticipated decision in a class action against Facebook involving alleged biometric privacy violations, affirming certification of a class. In Patel v. Facebook, the Northern District of...more
Recently, the Ninth Circuit Court of Appeals held that an Illinois class of Facebook users can pursue a class action lawsuit arising out of Facebook’s use of facial scanning technology....more