Hulu hoops: standing & damages as threshold issues in privacy cases (Paul Hastings, Jan 2014) – Imagine you are in the mall, and you overhear an interaction between a clerk and another shopper. The clerk asks to see a driver’s license to verify their identity. The clerk then remarks, “Your age makes you eligible for our senior discount – you get 10% off on this order!” The shopper, aghast, threatens to sue the store. It’s seemingly an empty threat – you can’t sue without being hurt, right? According to a California magistrate judge, that’s not necessarily true – at least in the context of privacy lawsuits. And as the number of privacy suits continues to skyrocket, that means the cost of doing business is about to go up. That commonsense inkling that someone must be injured in some tangible way to pursue a lawsuit (at least, a lawsuit in federal court) is codified in Article III of the US Constitution, in a legal doctrine known as “standing.” To show standing, a plaintiff must allege an injury that is (1) “concrete and particularized” and “actual or imminent,” (2) traceable to an action by a defendant, and (3) able to be redressed by a decision of the court. This hurdle has been historically difficult to overcome in privacy suits, where the “injuries” are often nebulous concepts like a “violation of privacy” or “slowing down my computer with cookies.” See, e.g., In Re DoubleClick, Inc. Privacy Litigation, 154 F. Supp. 2d 497 (S.D.N.Y. 2001) (rejecting plaintiffs’ damages theories under the CFAA, holding that the cost to “remediate” cookies and the alleged decreased value of personal information fail to meet the CFAA damages requirement). But times, they are changing. The Ninth Circuit – a hotbed of innovation and the home jurisdiction for many of the tech companies being sued – has decided that in some cases, simply invoking the name of a federal statute and alleging its violation can provide standing.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

A new “target” on their backs: Target’s officers and directors face derivative action arising out of data breach (Global Regulatory Enforcement Law Blog, 30 Jan 2014) – In the wake of its massive data breach, Target now faces a shareholder derivative lawsuit, filed January 29, 2014. The suit alleges that Target’s board members and directors breached their fiduciary duties to the company by ignoring warning signs that such a breach could occur, and misleading affected consumers about the scope of the breach after it occurred. Target already faces dozens of consumer class actions filed by those affected by the breach, putative class actions filed by banks, federal and state law enforcement investigations, and congressional inquiries. This derivative action alleges that Target’s board members and directors failed to comply with internal processes related to data security and “participated in the maintenance of inadequate cyber-security controls.” In addition, the suit alleges that Target was likely not in compliance with the Payment Card Industry’s (PCI) Data Security Standards for handling payment card information. The complaint goes on to allege that Target is damaged by having to expend significant resources to: investigate the breach, notify affected customers, provide credit monitoring to affected customers, cooperate with federal and state law enforcement agency investigations, and defend the multitude of class actions. The derivative action also alleges that Target has suffered significant reputational damage that has directly impacted the retailer’s revenue.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

Federal court in Virginia says domain names are not property, but contractual rights (Venkat Balasubramani, 14 Jan 2014) – Following the sex.com case from the Ninth Circuit, it is taken for granted that domain names are property that can be converted, sold, transferred, or subject to a creditor’s collection efforts. Interestingly, a federal district court in Virginia took a contrary view. The case arose out of a bankruptcy of Alexandria Surveys International. Two competing Alexandria surveying companies were trying to buy the assets of ASI and ended up with conflicting claims. The first company, Alexandria Surveys, LLC, acquired the telephone number and web address from Cox Communications, the provider, under the theory that these were executory contracts that could be taken over. However, the estate was reopened at the request of a second company (Alexandria Consulting Group) and in the second go-around ACG purchased a bunch of assets from the trustee, including the web address and telephone number. The bankruptcy court ordered ASL to turn over the web address and telephone number (and servers) to ACG. ASL objected, arguing that the web address and telephone numbers were not “property of the bankruptcy estate.” The district court agrees with ASL on appeal. The court largely relies on the Virginia Supreme Court’s decision in Network Solutions v. Umbro: “a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time . . . ‘a domain name is not personal property but rather’ the product of a contract for services.” ACG tried to distinguish Umbro on the basis that it involved a garnishment proceeding, but the court says that the key part of the holding – that a domain name is a “contractual right” – applies regardless.
The court says that because ASI did not have a property interest in the website and phone number, at most it had a contractual interest, and since the trustee did not assume it, there was nothing to be sold to ACG.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/jscreationzs.

Scientific fact or junk science? Tracking a cell phone without GPS (ABA Judge’s Journal, Judge Herbert Dixon, 30 Jan 2014) – Increasingly, competing experts are offering opposing opinions on the reliability of determining the approximate location of a cell phone. In this article, Judge Dixon highlights the significant arguments by both sides and discusses the technology on which these arguments are based.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/sippakorn.

Five things your IT department wants [the GC] to know about data security (Thomson Reuters, 30 Jan 2014) – The year 2013 was pretty terrifying when it comes to data security. Amid the fears created by the breaches at Adobe and Target, plus the knowledge that big brother really has been watching us through the NSA, every corporate counsel ought to be concerned about data security at their organization. However, as the senior manager of IT Operations for Serengeti, a SaaS (software as a service) e-billing and matter management company, Anne-Marie Scollay explains that there is no “silver bullet that provides an impervious layer of security around data.” Anne-Marie frequently collaborates with legal departments and their IT teams as they evaluate Serengeti’s cloud solution and shares insights regarding data security.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.