The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Standing

  • From Vol. 4 No.42 (Dec. 12, 2018)

    Illinois Appellate Decision Creates Split on Standing to Sue Under BIPA

    The Illinois Biometric Information Privacy Act, a groundbreaking statute that specifies requirements for the collection and handling of biometric data, has been the basis for a number of standing cases. The recent decision by the Appellate Court of Illinois, First District, in Klaudia Sekura v. Krishna Schaumburg Tan, Inc., has lowered the bar for plaintiffs, although a pending Illinois Supreme Court decision in a different case may raise it again. This article analyzes the Decision and other relevant cases, with insights from Jackson Lewis principals Jason C. Gavejian and Joseph J. Lazzarotti. See also “Actions Under Biometric Privacy Laws Highlight Related Risks” (Dec. 6, 2017).

  • From Vol. 4 No.2 (Jan. 31, 2018)

    Biometric Data Protection Laws and Litigation Strategies (Part One of Two)

    Both the public and private sectors are increasingly using biometric identification as a security method, making it more important than ever to understand the wide range of relevant legal requirements and restrictions. During a recent WilmerHale webinar, firm attorneys Jonathan G. Cedarbaum and Arianna Evers analyzed the regulatory landscape related to the collection and use of biometric data. In the first installment of our two-part series, we cover their presentation on relevant state laws and notable cases, litigation strategies and defenses. Part two will cover applicable federal and international regulations. See also “Actions Under Biometric Privacy Laws Highlight Related Risks” (Dec. 6, 2017).

  • From Vol. 4 No.1 (Jan. 17, 2018)

    A Wake-Up Call: Data Breach Standing Is Getting Easier

    A year’s worth of federal appellate decisions that considered the standing issue following Spokeo demonstrates that plaintiffs have become increasingly successful at persuading federal judges that they had pled a constitutional injury. This is a dramatic reversal in the trajectory of federal jurisprudence on “standing” in data breach cases and should be a wake-up call to companies that collect personal information from consumers, Boies Schiller Flexner attorneys Travis LeBlanc and Jon R. Knight argue. In this guest article, they analyze important standing decisions to date and provide advice to companies and their counsel on preparing for data breach litigation in 2018. See also “Third and Seventh Circuits Shed New Light on Spokeo Standing Analysis” (Feb. 8, 2017).

  • From Vol. 3 No.3 (Feb. 8, 2017)

    Third and Seventh Circuits Shed New Light on Spokeo Standing Analysis

    After the Supreme Court’s 2016 Spokeo decision opened the possibility for statutory violations to form the basis for standing in data privacy cases even without a concrete harm, lower courts have offered their own interpretations highlighting the tension in the Spokeo holding. The Seventh Circuit and Third Circuit appellate courts recently came to different conclusions looking at claims of violations of different statutes, shedding new light on the issue. This article explores and explains these decisions. See also “Spokeo’s Impact on Data Breach Cases: The Class Action Floodgates Have Not Been Opened, But the Door Has Not Been Locked” (May 25, 2016).

  • From Vol. 2 No.20 (Oct. 5, 2016)

    Eighth Circuit Sides With Defendants As the Spokeo Standing Battle Continues 

    In the aftermath of Spokeo, courts have had to wrestle with the notion of “concreteness” and the other facets of the standing doctrine in the statutory context. In Braitberg v. Charter Communications, Inc., the Eighth Circuit recently weighed in, finding standing cannot arise from a mere statutory violation alone without a consequent concrete harm. However, Spokeo still arguably leaves the door open for a plaintiff-friendly Article III analysis in the data privacy context or where the lawsuit stems from a hacking incident, Deborah Renner, a partner at BakerHostetler, says in a guest article. She examines the current state of Article III standing decisions in the context of the Eighth Circuit’s most recent pronouncement and discusses some of the most recent arguments likely to stand up on both sides of the bar. See “Making Sense of Conflicting Standing Decisions in Data Breach Cases” (Mar. 30, 2016).

  • From Vol. 2 No.11 (May 25, 2016)

    Spokeo’s Impact on Data Breach Cases: The Class Action Floodgates Have Not Been Opened, But the Door Has Not Been Locked

    The U.S. Supreme Court’s highly anticipated decision in Spokeo, Inc. v. Robins makes a significant mark on the landscape of data breach cases addressing the threshold Article III standing issue. In this guest article, Thomas Rohback and Patricia Carreiro, a partner and associate, respectively, at Axinn, Veltrop & Harkrider LLP, examine the significance and implications of the May 16, 2016 decision and analyze the floodgate of cases in the past week where both plaintiffs and defendants have run to the court in reliance upon Spokeo. See also “When Do Consumers Have Standing to Sue Over Data Breaches?” (May 11, 2016).

  • From Vol. 2 No.10 (May 11, 2016)

    When Do Consumers Have Standing to Sue Over Data Breaches?

    When a company is hacked, civil litigation often follows, and the types of claims brought against hacked companies – like in the recent P.F. Chang’s case – include a host of traditional common law and statutory claims. None of these claims can succeed, however, unless plaintiffs can establish standing. This threshold issue has plagued plaintiffs in data breach cases, but a federal appeals court recently ruled in their favor by reversing the dismissal of a class action. In a guest article, Thomas Rohback and Patricia Carreiro, a partner and associate, respectively, of Axinn, Veltrop & Harkrider, analyze the progeny of standing outcomes in data breach cases, including the Lewert v. P.F. Chang’s holding, and examine what this issue and others might look like in future data breach class actions. See also “Making Sense of Conflicting Standing Decisions in Data Breach Cases” (Mar. 30, 2016).

  • From Vol. 2 No.7 (Mar. 30, 2016)

    Making Sense of Conflicting Standing Decisions in Data Breach Cases

    Does a data breach constitute a case or controversy for purposes of Article III standing? This is a threshold question that could dramatically change the course for data breach cases, yet the answer remains uncertain. If a court does not find standing, the proposed class cannot seek relief in court and plaintiffs’ relief would be limited to statutory damages and/or penalties imposed, for example, under various state data breach laws. In 2013, the United States Supreme Court’s decision in Clapper v. Amnesty International USA was widely seen to shut the courthouse door on data breach class actions. In 2015, however, some significant case law at the circuit court level called this belief into question. In a guest article, Christina H. Bost Seaton, a partner at FisherBroyles, surveys these developments and a case that could potentially change the landscape.

  • From Vol. 1 No.18 (Dec. 9, 2015)

    Proactive Steps to Protect Your Company in Anticipation of Future Data Security Litigation (Part Two of Two)

    There are several steps companies can take before and after a data breach to best position themselves for the litigation likely to follow.  In this second installment of our coverage of a recent Mintz Levin webinar, partners Kevin McGinty and Mark Robinson explore best practices for internal investigations and common defenses in data breach class actions.  The first article featured insight from partner Meredith Leary on how companies can put themselves in the best position now to defend their actions post-breach and Robinson’s list of threshold questions that companies can ask themselves at the outset of a data breach internal investigation.

  • From Vol. 1 No.16 (Nov. 11, 2015)

    Liability Lessons from Data Breach Enforcement Actions

    Inadequate cybersecurity measures can expose companies not only to data breach incidents, but to liability from multiple fronts, including state attorneys general, the FTC and civil litigants.  In a recent panel at the Practising Law Institute, Michael Vatis, a Steptoe & Johnson partner, and KamberLaw partner David Stampley discussed the dynamic enforcement and judicial climate in this space, distilling actionable takeaways from recent settlements with state attorneys general, FTC actions including Wyndham, and evolving consumer litigation jurisprudence.  The enforcement actions and litigations are instructive for companies seeking to fortify their internal information security and data privacy efforts and guard against the risk of liability in the event of a breach.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015). 
