Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation. The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase.
Continue Reading Ballard Spahr Partner, Phil Yannella, Authors Book on Data Breach and Privacy Litigation
Second Circuit Ruling Clarifies When Data Breach Plaintiffs Have Adequately Plead Article III Standing
In a thoughtful opinion that diverges from how other circuit courts have addressed the issue, the Second Circuit recently issued a ruling clarifying the circumstances when data breach plaintiffs can rely on fear of identity theft to establish Article III standing.
Continue Reading Second Circuit Ruling Clarifies When Data Breach Plaintiffs Have Adequately Plead Article III Standing
SCOTUS Narrows Reach of TCPA Autodialer Definition
In a unanimous decision, the U.S. Supreme Court limited the reach of the Telephone Consumer Protection Act (“TCPA”) by narrowing what technology qualifies as an Automatic Telephone Dialing System (“ATDS”). Among other restrictions, the TCPA prohibits calls to phone numbers using an ATDS without prior express consent. The TCPA defines an ATDS as “equipment which
Exploring the Rise in State Wiretap Claims
The latest wrinkle in the ever-changing world of data privacy litigation is the recent surge in state wiretap claims. What began as a trickle over the summer of 2020 has grown into a clear wave as plaintiffs have filed dozens of lawsuits against prominent tech, eCommerce, entertainment, and retail companies under state wiretap laws. These lawsuits seek statutory damages for the alleged interception of consumers’ electronic communications through the defendant’s use of various website analytic tools. Insofar as the use of website analytics tools is ubiquitous on the internet, privacy litigators are carefully watching the progress of these state wiretap claims. If successful, state wiretap claims could become the next TCPA, threatening virtually every company with a sizable web presence in the U.S.
Continue Reading Exploring the Rise in State Wiretap Claims
11th Circuit Finds No Standing Based on Fear of Future Identity Theft
In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing.
Continue Reading 11th Circuit Finds No Standing Based on Fear of Future Identity Theft
Facebook BIPA Class Settlement Receives Preliminary Approval
On August 19, 2020, the United States District Court for the Northern District of California granted preliminary approval of the class action settlement in In re Facebook Biometric Information Privacy Litigation, 3:15-cv-03747-JD. If the settlement receives final approval, Facebook would pay $650 million to Illinois class members as compensation for violations of the Illinois
What is the Potential Liability for Zoombombing?
Ballard privacy and data security lawyers Philip Yannella and Greg Szewczyk have authored an article for the Cybersecurity Law Report discussing the privacy and data security issues raised by Zoombombing, including potential first and third party liability. The article is available to subscribers here.
8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.
Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. As we explained, because retail breaches rarely involve theft of social security numbers, date of birth, healthcare information or other data that can be used to commit identity theft, courts have typically found that plaintiffs in such cases lack standing to pursue their claims in federal court.
Continue Reading 8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.
Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low
For years, plaintiffs in data breach class actions have argued that the threshold for Article III standing is low – and increasingly courts are accepting that argument. The Saks data breach class action, pending in the Southern District of New York, is the latest example of a federal court finding that Article III standing exists even where the plaintiff’s asserted injuries are very minimal.
Continue Reading Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low
Illinois Supreme Court: No ‘Actual Harm’ Required for Biometric Information Privacy Act Claims
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual damages for standing. The decision has serious implications for companies collecting biometric data from Illinois residents.
The Act provides a private right of action to individuals “aggrieved” by any violation, allowing them to seek, among other remedies, liquidated or actual damages, attorneys’ fees, and costs. However, there has been widespread uncertainty as to whether an aggrieved individual asserting a private action under the Act needed to show that he or she suffered an actual injury as a result of an alleged violation, or if a violation of the Act in and of itself conveys standing.
Continue Reading Illinois Supreme Court: No ‘Actual Harm’ Required for Biometric Information Privacy Act Claims