2022 proved to be an historic year for privacy and data security.  Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states.  For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection

As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook.  Recent litigation has alleged that use of Meta Pixel with online videos violates the Video Privacy Protection Act (VPPA). 

The Third Circuit recently became the first federal appellate court to address the question of whether the victim of a data breach has Article III standing to bring a claim for damages based on the fear of identity theft since the Supreme Court’s decision in TransUnion v. Ramirez in 2021.  The Third Circuit, in Clemens

In a class action with potentially significant impact on data sharing disclosures that companies routinely provide in online privacy policies, the Third Circuit recently ruled that NaviStone, a third party marketing service, was not a “direct party” under the Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA) and thus was potentially subject to liquidated damages

On February 3, the Illinois Supreme Court unanimously ruled in McDonald v. Symphony Bronzeville Park, LLC, 2022 IL 126511, that the exclusivity provisions of the Illinois Workers’ Compensation Act (WCA) do not preempt employees’ claims for statutory damages under the Illinois Biometric Information Privacy Act (BIPA).  The decision provides clarity for a number

On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a multidistrict consolidated action stemming from a ransomware attack. The most notable aspect of the opinion is the Court’s interpretation of the California Medical Information Act (CMIA), which may have the effect of broadening the scope of liability for California-based cloud service providers that suffer data breaches.
Continue Reading  Federal Court Holds that Cloud Service Provider is Subject to CMIA

Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the production of a data breach forensic report and related communications.  In re Rutter’s Data Sec. Breach Litig., No. 1:20-CV-382,

Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation. The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase.
Continue Reading  Ballard Spahr Partner, Phil Yannella, Authors Book on Data Breach and Privacy Litigation

In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying the circumstances when data breach plaintiffs can rely on fear of identity theft to establish Article III standing.
Continue Reading  Second Circuit Ruling Clarifies When Data Breach Plaintiffs Have Adequately Plead Article III Standing