Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA

In the face of an ever-growing number of lawsuits based upon allegedly non-ADA compliant website designs, defendants have enjoyed little success obtaining dismissal at the pleadings stage of proceedings. One lingering glimmer of hope had been the viability of a due process argument premised upon the “primary jurisdiction” defense, which formed the basis of Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short, the defendant argued that the plaintiff’s action must be either stayed or dismissed because the…
Continue reading...

As If 200 Class Action Lawsuits Weren’t Enough…

The Illinois Supreme Court finally made its long awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA.  BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measureable operation in Illinois. Businesses have fought back, arguing that BIPA’s private…
Continue reading...

Russian Company Whose Employee Was Charged With Election Meddling Sues Facebook to Have Account Restored

A Russian company known as Federal Agency of News, LLC (FAN), whose accountant was indicted by federal prosecutors for her alleged role in “Project Lakhta” – a Russian interference operation in political and electoral systems targeting populations in, among other places, the United States – has sued Facebook alleging it is a legitimate news outlet whose Facebook account must be restored. On November 20, 2018, FAN and its sole shareholder, Evgeniy Zubarev, commenced suit against Facebook in the United States District Court, Northern District of
Continue reading...

Sixth Circuit Uses Every Tool in the Box To Build Case for Coverage for Defrauded Policyholder

July 12, 2018, we reported on the Medidata decision handed down by the Second Circuit in which the court found coverage for a claim resulting from social engineering fraud. We suggested the ruling in Medidata lacks persuasive power due to its unusual factual circumstances and atypical policy language. The Sixth Circuit’s decision in American Tooling Center, Inc. v. Travelers Casualty & Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), will have more persuasive power, but due to…
Continue reading...

Second Circuit’s Decision Upholding Social Engineering Fraud Coverage Likely a Paper Tiger

In a case closely monitored by the insurance industry, the Second Circuit upheld in a non-precedential summary order a New York federal district court’s summary judgment finding coverage under the computer fraud coverage of a commercial crime policy. Medidata Solutions, Inc. v. Fed. Ins. Co., No. 17-2492, 2018 WL 3339245 (2d Cir. 2018). Although the policyholders are apt to tout the decision as a seismic victory, the atypical policy language and factual circumstances should greatly limit its persuasive value. As background, the insured, Medidata…
Continue reading...

Fifth Circuit Shops for Implicit Allegations Wrongdoing Against Liquor Store Chain To Avoid Policy Exclusion

The Fifth Circuit Court of Appeals in Spec’s Family Partners, Ltd. v. Hanover Insurance Co. (No. 17-20263, Jun. 25, 2018), afforded a contractual liability exclusion a narrow interpretation to deny an insurer judgment in its favor.  The coverage litigation resulted from Hanover Insurance Company’s (Insurer) refusal to pay Spec’s Family Partners’ (Spec’s) litigation costs in connection with a payment card industry (PCI) liability dispute between Spec’s and First Data Merchant Services, LLC (First Data) following a data breach. The Spec’s credit card network had been…
Continue reading...

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease and desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. §…
Continue reading...

No More Chits to Call In: Computer Crime Policy Does Not Cover Fraudulent Transaction

In Interactive Communications International, Inc. v. Great American Insurance Company, a lawsuit closely monitored by those in the cyberinsurance space, the Eleventh Circuit affirmed a Georgia federal court’s decision, finding an insurance policy’s “Computer Fraud” coverage did not extend to certain losses caused by fraudsters. The decision comports with other recent decisions finding that social engineering fraud schemes do not satisfy the policy’s requirement of losses resulting directly from the use of a computer. Here, the devil was in the details. InComm operated a…
Continue reading...

FTC Settles False Representation Claim Against Mobile Phone Manufacturer

The Federal Trade Commission (FTC) has settled with BLU Products, Inc. over allegations that the unlocked mobile phone manufacturer allowed a third-party provider to collect detailed personal information about its consumers without their knowledge or consent. In 2016, BLU Products admitted that a third-party app called “Wireless Update” has been “collecting unauthorized personal data in the form of text messages, call logs and contacts from customers” on some devices. The FTC alleged that BLU Products, its co-owner, and president falsely claimed that only information needed…
Continue reading...

Despite Recent High-Profile Dismissals, Wendy’s Shareholders Try Again with Cybersecurity-Related Derivative Lawsuit

The resilient plaintiff’s bar is not backing down from their quest to hold directors and officers personally liable for corporate misconduct that leads to cybersecurity breaches. Taking guidance from the failures which resulted in a string of dismissals of high-profile cybersecurity-related shareholder derivative lawsuits, a shareholder of the fast food-chain The Wendy’s Company is taking another shot to impose liability on corporate leadership for failing to take precautions against cyber-attacks. To be clear, these derivative cases are trying to hold the directors and officers liable…
Continue reading...