Month: March 2014

Hulu hoops: standing & damages as threshold issues in privacy cases

March 3, 2014 Administrator Leave a comment Privacy

Hulu hoops: standing & damages as threshold issues in privacy cases (Paul Hastings, Jan 2014) – Imagine you are in the mall, and you overhear an interaction between a clerk and another shopper. The clerk asks to see a drivers’ license to verify their identity. The clerk then remarks, “Your age makes you eligible for our senior discount-you get 10% off on this order!” The shopper, aghast, threatens to sue the store. It’s seemingly an empty threat-you can’t sue without being hurt, right? According to a California magistrate judge, that’s not necessarily true-at least in the context of privacy lawsuits. And as the number of privacy suits continue to skyrocket, that means the cost of doing business is about to go up. That commonsense inkling that someone must be injured in some tangible way to pursue a lawsuit (at least, a lawsuit in federal court) is codified in Article III of US Constitution, in a legal doctrine known as “standing.” To show standing, a plaintiff must allege an injury that is (1) “concrete and particularized” and “actual or imminent,” (2) traceable to an action by a defendant, and (3) able to be redressed by a decision of the court. This hurdle has been historically difficult to overcome in privacy suits, where the “injuries” are often nebulous concepts like a “violation of privacy” or “slowing down my computer with cookies.” See, e.g., In Re DoubleClick, Inc. Privacy Litigation, 154 F. Supp. 2d 497 (S.D.N.Y. 2001) (rejecting plaintiffs’ damages theories under the CFAA, holding that the cost of “remediate” cookies and the alleged decreased value of personal information fail to meet the CFAA damages requirement). But times, they are changing. The Ninth Circuit-a hotbed of innovation and the home jurisdiction for many of the tech companies being sued-has decided that in some cases, simply invoking the name of a federal statute and alleging its violation can provide standing.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

Target’s Derivative Lawsuit

March 2, 2014 Administrator Leave a comment Ethics

A new “target” on their backs: Target’s officers and directors face derivative action arising out of data breach (Global Regulatory Enforcement Law Blog, 30 Jan 2014) – In the wake of its massive data breach, Target now faces a shareholder derivative lawsuit, filed January 29, 2014. The suit alleges that Target’s board members and directors breached their fiduciary duties to the company by ignoring warning signs that such a breach could occur, and misleading affected consumers about the scope of the breach after it occurred. Target already faces dozens of consumer class actions filed by those affected by the breach, putative class actions filed by banks, federal and state law enforcement investigations, and congressional inquiries. This derivative action alleges that Target’s board members and directors failed to comply with internal processes related to data security and “participated in the maintenance of inadequate cyber-security controls.” In addition, the suit alleges that Target was likely not in compliance with the Payment Card Industry’s (PCI) Data Security Standards for handling payment card information. The complaint goes on to allege that Target is damaged by having to expend significant resources to: investigate the breach, notify affected customers, provide credit monitoring to affected customers, cooperate with federal and state law enforcement agency investigations, and defend the multitude of class actions. The derivate action also alleges that Target has suffered significant reputational damage that has directly impacted the retailer’s revenue.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.