As noted in Dittman et al. v. The University of Pittsburgh Medical Center, Case No. GD-14-003285, previously reported on here, Pennsylvania has firmly adopted the approach that the Risk of Harm is Not Enough in Data Breach Actions. Still, data breaches have become some of the most noteworthy headlines in recent news. An increase in litigation has brought with it efforts to shrink the case load through the Article III requirement of standing. This means that courts are finding that the plaintiffs have not sufficiently established a concrete injury in order to seek remedies from the court. One of the main issues with data breaches is that once the data has been extracted or accessed, it is not necessarily always true that tangible harm will follow. Due to that nature, the Third Circuit established that when it comes to data breach actions, simply the risk of future harm does not suffice to save the claim. The seminal case of Reilly v. Ceridian Corp. held that where no actual misuse is alleged, “allegations of hypothetical, future injury do not establish standing under Article III.” 664 F. 3d 38 at 41 (3rd Circuit 2011).
Continue Reading Pennsylvania Continues to Rely on Third Circuit Holding that the Risk of Harm is Not Enough in Data Breach Actions
Regulatory Enforcement and Litigation
FTC Approves Settlement Order With Snapchat
On December 31, 2014, the Federal Trade Commission announced that it approved a final order settling charges against Snapchat.
In its complaint, the FTC charged Snapchat with deceiving consumers over…
Continue Reading FTC Approves Settlement Order With Snapchat
Billing Company Settles FTC Charges That It Misled Consumers Regarding Health Data Collection
The Federal Trade Commission recently announced that it settled charges against a health billing company and its former CEO that they misled consumers who had signed up for their online…
Continue Reading Billing Company Settles FTC Charges That It Misled Consumers Regarding Health Data Collection
The FCC – A New Data Security Regulator?
On October 24, the Federal Communications Commission (FCC) threw its hat into the data security regulation ring when it announced it intends to fine two telecommunications companies $10 million for…
Continue Reading The FCC – A New Data Security Regulator?
FTC Bans Twitter From Misleading Us for 20 Years
The Federal Trade Commission entered into a settlement with the social networking site Twitter on Thursday, June 25th. The settlement was the result two 2009 hacker breaches, which resulted in 35 user accounts (mostly celebrities and politicians) being compromised and passwords disclosed. Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.
Continue Reading FTC Bans Twitter From Misleading Us for 20 Years
FTC Concerned About Retention of Scans on Copy Machines
It is not often that we come across something that just does not seem possible. Yesterday was one of those days, when the FTC announced that it is working with copy machine manufacturers to either end or severely restrict the existing practice of storing digital images captured on photocopiers. The FTC’s response was in reaction to a letter from Representative Ed Markey (D-MA) after seeing a CBS report last month on the issue.
Continue Reading FTC Concerned About Retention of Scans on Copy Machines
Litigation Update – Computer Fraud and Abuse Act
In the recent federal case in the Middle District of Tennessee, ReMedPar, Inc. v. AllParts Med., LLC, a split among federal circuit courts is apparent regarding the interpretation of…
Continue Reading Litigation Update – Computer Fraud and Abuse Act
TJX Reaches Settlement In Data Security Breach Investigation
…
Continue Reading TJX Reaches Settlement In Data Security Breach Investigation
Eleventh Circuit Court of Appeals Rejects Veterans’ Claims For Damages
On June 17, 2009, the Eleventh Circuit Court of Appeals affirmed the decision of the United States District Court for the District of Alabama and held that veterans were not…
Continue Reading Eleventh Circuit Court of Appeals Rejects Veterans’ Claims For Damages
Federal Circuit Court Of Appeals Rules That TJX Litigation May Proceed On State Law Claims
The First Circuit Court of Appeals has ruled that, by accepting credit cards for payment, retailer TJX and its processing bank, Fifth Third, could have negligently misrepresented to credit and…