Leveraging Knowledge to Manage Your Data Risks
On March 11, 2026, the Federal Trade Commission (FTC) announced an Advance Notice of Proposed Rulemaking (ANPRM) highlighting its Rule Concerning the Use of Prenotification Negative Option Plans, seeking comment on whether the rule should be amended or supplemented to better address deceptive or unfair negative option practices.
The FTC describes negative options as marketing…
While California’s wiretapping statute, the California Invasion of Privacy Act (CIPA), tends to dominate the conversation about the recent rise in wiretapping litigation, plaintiffs are also turning to other states’ wiretapping laws to target web tracking and session-replay tools. The U.S. Court of Appeals for the Third Circuit recently held that a website visitor could…
Carfax, Inc. faced an early loss in a closely-watched privacy case under the federal Driver’s Privacy Protection Act (DPPA), after a judge in Maryland refused to throw out a proposed class action alleging the company sold drivers’ personal information sourced from crash and vehicle records. The plaintiff alleges that Carfax obtained his DPPA-protected personal information…
As we reported last week, Stryker was attacked by Iranian-backed hackers in retaliation for Israeli and U.S. strikes against Iran. It was a significant cyberattack, known as a wiper attack. A wiper attack is designed not to extort money from a victim, but instead to send a message and destroy the victim’s data to…
The U.S. District Court for the Northern District of Georgia, in Veronica Bramlett, on behalf of herself and all others similarly situated v. RES 360 LLC and Peach City Properties LLC, No. 1:25-CV-3312-MLB (N.D. Ga. Mar. 4, 2026) recently granted in part and denied in part a motion to dismiss a Telephone Consumer Protection…
The U.S. Court of Appeals for the Fifth Circuit recently issued a significant Telephone Consumer Protection Act (TCPA) decision in Bradford v. Sovereign Pest Control of TX, Inc., No. 24-20379, Doc. 85-1 (5th Cir. Feb. 25, 2026). The court affirmed summary judgment for the company and held that the TCPA’s “prior express consent” standard does…
A newly filed putative class action in the Western District of Texas targets Bumble, Inc., over an alleged “massive and preventable” cyberattack in or around January 2026, in which attackers allegedly accessed highly sensitive user data stored in Bumble’s systems. The complaint alleges the compromised information included names, dates of birth, addresses, telephone numbers, Social Security numbers…
Figure Lending, LLC, which markets itself as America’s #1 non-bank Home Equity Line of Credit lender, has been named in a proposed federal class action following a reported cyber incident that allegedly exposed customer personal information. Mardikian v. Figure Lending, LLC, 3:26-cv-00135 (W.D.N.C. Feb. 19, 2026). The complaint alleges that the company’s systems were…
Website tracking litigation continues to generate high stakes compliance risk, but not all privacy statutes are moving through the courts at the same pace. A notable divergence is emerging between the Video Privacy Protection Act (VPPA) and the California Invasion of Privacy Act (CIPA). Where the first is rapidly heading toward definitive interpretation by the…
California resident Nathaniel Bee filed a lawsuit this week alleging that the ATP Tour’s website used third-party tracking technology that captured details on how visitors interacted with the site, including what content they viewed; how they navigated the website; and what type of device they used, without user consent in violation of the California Invasion…
