Articles Posted in Privacy Law

Published on:

A recent class action lawsuit filed against Facebook may end up having far-reaching implications for large companies that do business all over the country. The lawsuit has to do with the facial recognition technology the social media company utilizes to allow users to “tag” themselves and each other in photos that get posted on the site.

The named plaintiffs of the class action lawsuit sued Facebook in Illinois for allegedly violating the Illinois Biometric Information Privacy Act (BIPA). The law requires companies using facial-recognition software to inform their customers of the facial-geometry data that is being collected, how long the information is stored for, and how it gets used.

The law also requires companies to get a written release from consumers to authorize the company to collect the data. Negligent violations of BIPA come with statutory damages of $1,000 and $5,000 for violations that are considered to be intentional and reckless. Continue reading

Published on:

It is common for parties involved in a lawsuit, especially a large class action, to settle their legal claims outside of court, instead of pursuing the dispute all the way to a court ruling. But just because one party makes an offer, does not mean the other party is required to accept that offer. Each side will agree to or reject an offer to settle the dispute based on a number of factors, of which the amount of the settlement is just one.

In some cases involving statutory damages, such as allegations of violating the Telephone Consumer Protection Act (TCPA), if a defendant offers to pay the lead plaintiff all actual and statutory damages in full, the plaintiff’s claims are considered null and void, regardless of whether the plaintiff accepts the terms of the settlement. This allows defendants to avoid a large and costly class action lawsuit by paying off the claims of just one plaintiff. But that recently changed with a ruling by the Supreme Court. Continue reading

Published on:

The drastic advances in technology that have happened in recent years make many aspects of modern living much easier, but they have also put certain aspects of our lives at risk that were never at risk before. For example, as people use cash less and less and increasingly rely on their credit cards to pay for their everyday purchases, more and more people have had their credit cards compromised and used to pay for purchases they never authorized. It is now common for credit card companies to offer credit card protection, in which users won’t be made to pay for purchases they did not authorize, but credit card companies usually charge an extra fee for that protection.

Data security is doing its best to keep up with the hackers, but that’s not always possible. Many companies, especially large chains, have suffered data breaches in which hackers illegally gain access to customers’ credit card information. Since it is often very difficult, if not impossible, to locate and prosecute the hackers themselves, the company that suffered the data breach is often faced with a class action lawsuit from customers who had their credit card information exposed as a result of the company’s failure to have the proper protections in place. Continue reading

Published on:

 

The rulings made by appellate courts can affect many decisions to come in rulings made by lower courts all over the country. In a recent data breach lawsuit against Neiman Marcus, the retailer argued the ruling made by the Seventh Circuit Court could have long-term effects on data breach law if the court failed to change its ruling.

The court denied Neiman Marcus’s appeal and let its initial decision stand.

The consumer lawsuit consists of a proposed class of about 350,000 plaintiffs who allegedly suffered financial damages as a result of a security breach of Neiman Marcus’s systems in 2013. The plaintiffs allege the retailer did not take all necessary precautions in preventing or mitigating a security breach that exposed customers’ payment card details. The data breach lawsuit also alleges Neiman Marcus did not notify its customers of the data breach in a timely manner, once the security attack had happened. Continue reading

Published on:

Data Breach Cases

We are investigating various data breach cases and will bring class actions on behalf of victims of data breaches such as the Target, Ashley Madison, Sony and Home Depot data breaches.

Contact Us if You Are a Victim of the Ashley Madison Data Breach or of Another Data Breach

Published on:

 

It is widely accepted that the Internet is not a safe place for private or confidential information. Yet, when sensitive information gets leaked, people look for someone to blame. In some instances, they are correct and can bring a privacy claim especially when they can show direct injury due to the privacy breach. In other instances where they suffer no injury they have no claim.

In June of 2012, LinkedIn experienced a security breach and the passwords of 6.5 million users were posted online. A few days later, two premium LinkedIn users, Katie Szpyrka and Khalilah Wright, filed a class-action lawsuit against LinkedIn on behalf of all users.

The lawsuit alleged that LinkedIn had failed to store passwords in salted SHA1 hashed format. According to the lawsuit, this is basic industry standard security practice and, by failing to adhere to them, LinkedIn had failed to abide by its Privacy Policy.

What the Privacy Policy actually states is:
“In order to help secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected by SSL encryption when it is exchanged between your web browser and the LinkedIn website. To protect any data you store on our servers, LinkedIn also regularly audits its system for possible vulnerabilities and attacks, and we use a tierone secured-access data center.

“However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to LinkedIn. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

“It is your responsibility to protect the security of your login information. Please note that emails, instant messaging, and similar means of communication with other Users of LinkedIn are not encrypted, and we strongly advise you not to communicate any confidential information through these means.”

LinkedIn’s Privacy Policy does not promise industry standard security practices and, in fact, warns the user that, despite their efforts, breaches can occur. In court, the plaintiffs admitted that they had not even read the Privacy Policy, which no doubt weakened their argument.
The lawsuit also filed for damages based on the allegation that the premium users had paid LinkedIn in order to access the premium membership status of the social networking site. The plaintiffs expected this to include enhanced security measures but the premium membership offers no such thing. Rather, it merely offered more advanced tools and usage of LinkedIn’s services. Heightened security measures were never offered as part of the premium membership and, as such, the plaintiffs could not prove that they received any financial harm or injury.
The plaintiffs also failed to prove that the injuries they suffered as a result of the breach were “concrete and particularized” or “actual and imminent”. No one stole their identities or got into their accounts and, on these grounds, the judge dismissed the lawsuit.

Continue reading