Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

Supreme Court to Hear Microsoft Emails Case

In an order issued on October 16, 2017, the U.S. Supreme Court granted certiorari in United States v. Microsoft Corporation, a case with potentially far-reaching implications for the privacy of electronic data maintained by technology companies across the globe. The case, which Robinson+Cole has previously discussed here, here, and here, arises from a warrant obtained … Continue Reading

Vermont AG Settles with SAManage for $264,000 for Delayed Breach Notification

The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers were accessible through the online search engine Bing. In July of 2016, an employee of SAManage attached an excel spreadsheet containing … Continue Reading

Illinois Biometric Case Against Shutterfly Survives

We have been following biometric cases in Illinois, including the case against Shutterfly [view related posts]. Late last week, an Illinois federal judge denied Shutterfly’s motion to dismiss the case against Shutterfly alleging that it violates the Illinois Biometric Information Privacy Act when collecting and storing face geometry scans through facial recognition software. In allowing … Continue Reading

Supreme Court to Discuss Granting Review in Microsoft E-Mails Case October 6

The U.S. Supreme Court recently indicated that it will consider the federal government’s petition for a writ of certiorari in United States v. Microsoft Corp. at its conference scheduled for October 6, 2017. United States v. Microsoft is a “cutting edge” case that concerns the ability of law enforcement to obtain electronic documents stored abroad … Continue Reading

Lenovo Agrees to Settle Data Security Case with FTC and 32 AGs

The Federal Trade Commission (FTC) announced on September 5, 2017, that it has settled with Lenovo regarding allegations that Lenovo “harmed customers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.” According to the FTC’s complaint against Lenovo, it pre-loaded “man in the middle” software, VisualDiscovery that … Continue Reading

DOJ Announces Project Focused on Admissibility of Forensic Evidence

This morning, the U.S. Department of Justice (DOJ) announced an initiative aimed at “examining and strengthening forensic science.” Presumably, the initiative will impact how the DOJ approaches digital forensic evidence in criminal prosecutions. Deputy Attorney General Rod J. Rosenstein made the announcement at the International Association for Identification’s (IAI) conference in Atlanta, Georgia. The IAI … Continue Reading

Ashley Madison Settles Data Breach Case for $11.2M

Ashley Madison, which suffered a data breach in 2015 [view related posts here] involving the loss of 37 million users’ personal and financial information, has settled the suit for $11.2 million. Ashley Madison’s parent company previously settled data security allegations with 13 states and the Federal Trade Commission for $17.5 million, but ended up paying … Continue Reading

VTech Escapes Class Action Case Over Breach of 11 Million Toy Users’ Information

In November 2015, VTech Electonics North America LLC (VTech) announced that an unauthorized party infiltrated its network and gained access to the personal information of 5 million adults and 6.5 million children through its Learning Lodge app store, including their names, email addresses, security questions, photographs and messages [view related post]. One month following the … Continue Reading

FTC Settles Complaint Against Lead Generation Business Selling Consumers’ Sensitive Data

The Federal Trade Commission (FTC)  has announced that it has settled its Complaint against operators of the lead generation business Global Media, LLC and its CEO Christopher Kay for $104 million. The judgment has been suspended because the defendants are unable to pay it. It represents the amount the defendants made by selling loan applications. … Continue Reading

CoPilot Provider Support Services Settles with NYAG for $130,000 for Late Breach Notification

CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of a data breach in a reasonable time for $130,000. CoPilot began investigating an unauthorized access to, and downloading of its reimbursement records through … Continue Reading

Reader’s Digest Publisher Settles Case Alleging It Sold Subscribers’ Personal Information for $8.2M

In what is being considered the largest-ever settlement of alleged violations of Michigan’s privacy law (the Michigan Preservation of Personal Privacy Act), the publisher of Reader’s Digest has agreed to pay out $8.2 million to settle a proposed class-action lawsuit brought by consumers who allege that the publisher sold subscribers’ personal information to data brokers … Continue Reading

New Nevada Law Recognizes Enforceability of Blockchain Transactions; Blocks Local Government Regulation and Taxation

Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions. Originally conceived … Continue Reading

Illinois Court Rules That College Foundation Documents Subject to FOIA

On May 9, 2017, the Illinois Appellate Court held that the College of DuPage Foundation (Foundation), a fundraising organization for the public College of DuPage (College), is subject to the state’s open records law. In doing so, the Court rejected the Foundation’s argument that it was a charitable organization with no public role, and instead … Continue Reading

TCPA Class Action Tossed out After Hospital Provides Records Indicating Consent

Central Florida Regional Hospital (the Hospital) was released from a proposed class action last week for its alleged violations of the Telephone Consumer Protection Act (TCPA). The Hospital’s debt collector, Transworld Systems, allegedly made autodialed calls to collect overdue hospital debts without prior patient consent. Lead plaintiff, Charles Ivy, former emergency room patient at the … Continue Reading

Protection of Vendor Report and Documents as Work Product is Big Win for Experian

When assisting clients with emergency data breach response, and preparing and implementing a data privacy and security plan, it often becomes efficient, cost effective and necessary to hire outside vendors to assist with portions of the engagement. These activities include risk assessments, gap assessments, vulnerability testing, forensic analysis and security incident investigations. It is important … Continue Reading

Gather App Hit with TCPA Class Action Suit

Gather, a free app designed to allow users to create event invitations and send them to their contacts has been hit with a proposed TCPA class action suit. The named plaintiff alleges that Gather tricks users into giving Gather their contacts and then uses the contact information to send unsolicited texts to their contacts without … Continue Reading

Kmart Breach Settlement of $6.9M With Banks Approved by Court

Kmart’s proposed settlement with banks that had to reimburse customers following Kmart’s 2014 data breach was approved by an Illinois federal judge last week with one caveat: he wants to see how much each bank is being paid from the settlement, and he wants to see the plaintiffs’ attorneys’ billing records. The proposed deal reimburses … Continue Reading

Fourth Circuit Vacates $12M FCRA Class Action Judgment Against Experian

On May 11, 2017, the Fourth Circuit Court of Appeals vacated a $12 million judgment against Experian Information Solutions, Inc. (“Experian”) in a class action against the credit reporting bureau alleging violations of the Fair Credit Reporting Act (“FCRA”). Relying on the standard set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins, … Continue Reading
LexBlog