The United States Court of Appeals for the Third Circuit, in Reilly v. Ceridian Corporation, 2011 U.S. App. LEXIS 24561, 3 (3d Cir., December 12, 2011), found that “allegations of an increased risk of identity theft resulting from a security breach” were insufficient to secure Article III standing.  In so doing, the court affirmed the dismissal of [...]

On November 2 – 3, 2011, about 600 persons from around the world attended the 33rd International Conference of Data Protection and Privacy Commissioners.   For those unable to make the trek to Mexico City, what follows is selected insight gained from several folks who attended and were kind enough to report back what was discussed in [...]

On October 20, 2011, the United States Court of Appeals for the First Circuit issued an opinion reversing a Maine District Court’s dismissal of negligence and implied contract claims against grocer Hannaford Brothers.  The underlying data breach publicly announced on March 17, 2008 by Hannaford led to a consolidated class action that was ultimately rejected in its entirety by the [...]

Earlier this year, the California Supreme Court ruled on the outer reach of a state statute meant to protect consumers during credit card transactions – the Song-Beverly Credit Card Act of 1971.  See Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011).  Specifically, Song-Beverly precludes retailers from requesting and recording a customer’s “personal identification [...]

In a widely anticipated decision, the United States Supreme Court today unanimously reversed a U.S. Court of Appeals for the Ninth Circuit ruling that allowed a class action to go forward against Wal-Mart.   And, in its majority ruling, the Court found that the action should be completely dismissed given that plaintiffs could not ultimately overcome [...]

On June 7, 2011, Senator Patrick Leahy introduced “The Personal Data Privacy and Security Act” — the fourth time he has introduced this particular piece of legislation.  According to the senator’s press release, the law would ”establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information [...]

On May 18, 2011, Jacoby & Meyers Law Offices LLP filed lawsuits challenging state professional rules in New York, New Jersey and Connecticut that prohibit non-lawyers from having an ownership interest in law firms.  The New York lawsuit was filed in the United States District Court for the Southern District of New York and alleges that Rule 5.4 of [...]

Over the years, plaintiffs’ class action counsel have utilized their jet flyover time trying to create a claims theory that would be common to any victim of a data breach event.   For the reasons set forth in the first of this two-part post, theories based on a “fear of ID theft” or “lost time and [...]

Four years ago, the EU’s Article 29 Data Protection Working Party stated that it “considered IP addresses as data relating to an identifiable person” — even though such nuggets of information can only discern a likely geographic location.  Indeed, firms like Google and MaxMind routinely use IP addresses to help identify where Internet users are [...]

While some data breach victims will eventually sustain an ID theft, it is generally acknowledged that the vast majority will not.  Accordingly, the direct damages sustained by ID theft victims are not very helpful in a class action — there are just not enough plaintiffs.  Over the years, plaintiffs’ class action counsel have spent many [...]