Privacy

In Wengui v. Clark Hill, Civil Action No. 19-3195 (JEB), 2021 U.S. Dist. LEXIS 5395 (D.D.C. Jan. 12, 2021), Judge B0asberg ordered production of internal investigation reports regarding a cybersecurity breach, which were not protected by the attorney client or work product privileges. Malicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits… Read More

In I.C. v. Zynga Inc., No. 20-cv-01539-YGR, 2021 U.S. Dist. LEXIS 2227 (N.D. Cal. Jan. 6, 2021), Judge Rogers held that the defendant was entitled to limited discovery from the class representatives to obtain information to bring a proper Petition to Compel Arbitration. Currently pending in each of the captioned cases is defendant Zynga Inc.'s motion to compel arbitration or, in… Read More

In In re StockX Customer Data Sec. Breach Litig., No. 19-12441, 2020 U.S. Dist. LEXIS 241178 (E.D. Mich. Dec. 23, 2020), Judge Roberts ordered the class representative’s claims to arbitration, despite the fact that they were minors when they signed the Terms of Service containing the Arbitration Clause. This action arises from a data breach to StockX's system which occurred… Read More

In Clare v. Clare, (9th Cir. 2020) 2020 DAR ___, the Court of Appeals for the 9th Circuit held that the Stored Communications Act (18 USC 2701, 2707 creates a private right of action against a person who intentionally accesses, without authorization, an electronic communication system, thereby obtaining an electronic communication in the system's electronic storage.  For this purpose, electronic storage… Read More

In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 217097 (S.D. Cal. Nov. 19, 2020), Judge Miller allowed a data security breach class action to proceed.  The basis of the class action was as follows: According to Plaintiffs' FAC,1 Inmediata provides billing and health record software and service solutions to healthcare providers. (FAC ¶¶… Read More

In Adkins v. Facebook, Inc., No. C 18-05982 WHA, 2020 U.S. Dist. LEXIS 214006 (N.D. Cal. Nov. 15, 2020), Judge Alsup granted preliminary approval of the Facebook data breach class action. This case arises from the September 2018 hack of Facebook. A prior order detailed the facts (Dkt. No. 153). In brief, certain access tokens permitted access to Facebook users'… Read More

In In re Sonic Corp. Customer Data Breach Litig. Fin. Insts., No. 1:17-md-02807-JSG, 2020 U.S. Dist. LEXIS 204169 (N.D. Ohio Nov. 2, 2020), Judge Gwin certified a data breach class.  The facts were as follows: Between April 7, 2017, and October 28, 2017, hackers used malware installed on point-of-sale systems at 762 Sonic restaurants to steal sales transaction payment card… Read More

In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 195652 (C.D. Cal. Oct. 21, 2020), Judge Wright dismissed a data breach class action because the class representative could not demonstrate compensable loss. Holly alleges that she suffered "emotional harm and distress and has been injured in her mind and body." (SAC ¶ 49.) She also… Read More

In Foster v. Health Recovery Servs., No. 2:19-CV-4453, 2020 U.S. Dist. LEXIS 186508 (S.D. Ohio Oct. 7, 2020), Judge Marbley found that at least one claim of damages for a data breach victim satisfied Art. III standing. In a recent data breach case brought pursuant to the FCRA, the [*14]  Third Circuit examined both the congressional judgment and common law factors… Read More

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory yesterday, alerting companies who engage with victims of ransomware attacks of potential sanctions risks for facilitating ransomware payments.  This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting… Read More