breach notifications

Data Breach Standing Goes Nationwide; Sixth Circuit Says Plaintiffs Have Standing to Sue

Data Breach Class Action Standing Galaria et al. v. Nationwide Mutual Insurance Company Sixth Circuit opinion

The Sixth Circuit joined the growing trend of appellate courts holding that plaintiffs had demonstrated standing for data breach class actions in Galaria et al. v. Nationwide Mutual Insurance Company.  In a recent order, the Sixth Circuit highlighted yet another fact that supports standing, that clients should consider in their post-breach response efforts:  a recommendation that consumers set up fraud alerts and place security freezes on credit reports, without an accompanying offer to pay for the security freeze itself.

READ MORE

The FCC’s Proposed Privacy Regulations: What They Mean for ISPs and Those That Do Business with Them

Internet Service Providers

The Federal Communications Commission (“FCC”) recently issued a proposed set of privacy regulations that, if passed, will have broad implications for broadband providers, as well as for the companies that collect or receive information from them.  We recently authored an article in Law360 that outlines the key elements of the FCC’s Notice of Proposed Rulemaking (“NPRM”), includes some of the questions that the FCC is seeking comment on regarding the proposed regulations, and identifies how the regulations may impact business models and practices for companies that are not Internet Service Providers.

READ MORE

7th Circuit Revives P.F. Chang’s Data Breach Class Action Suit

data breach

Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case that we previously reported on here.  The court used statements that P.F. Chang’s made in response to the breach and protective remediation measures it implemented to draw inferences that customers were at a risk of identity theft and harm, and then used those inferences to find that plaintiffs had standing to proceed with their litigation.  The case raises new issues that organizations should consider in crafting post-breach communications, and important takeaway lessons that may help increase the likelihood of obtaining dismissal of data breach class actions at the pleadings stage.

READ MORE