Apple Accused of Unlawfully Disclosing Users’ iTunes Data

Drawing on public criticism of Apple Inc.’s (Apple) privacy practices, in a class action complaint filed in the Northern District of California on May 24, 2016, several Apple users have accused Apple of selling its customers’ personal information and iTunes listening history to third-parties in an effort to “supplement its revenues and enhance the formidability of its brand[.]” The named plaintiffs in the proposed class action are Leigh Wheaton, a resident of Rhode Island, and Jean and Trevor Paul, residents of Michigan. Each have alleged…
Continue reading...

Employees’ Claim Under the Illinois Biometric Information Protection Act Escapes Arbitration Provision in Employment Agreement

A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.  The Illinois Biometric Information Act As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008…
Continue reading...

Absence of DOJ Regulations Does Not Bar Liability for Failure to Comply with the ADA

In the face of an ever-growing number of lawsuits based upon allegedly non-ADA compliant website designs, defendants have enjoyed little success obtaining dismissal at the pleadings stage of proceedings. One lingering glimmer of hope had been the viability of a due process argument premised upon the “primary jurisdiction” defense, which formed the basis of Judge Otero’s decision dismissing the plaintiff’s complaint in Robles v. Domino’s Pizza, LLC. In short, the defendant argued that the plaintiff’s action must be either stayed or dismissed because the…
Continue reading...

As If 200 Class Action Lawsuits Weren’t Enough…

The Illinois Supreme Court finally made its long awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA.  BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measureable operation in Illinois. Businesses have fought back, arguing that BIPA’s private…
Continue reading...

Russian Company Whose Employee Was Charged With Election Meddling Sues Facebook to Have Account Restored

A Russian company known as Federal Agency of News, LLC (FAN), whose accountant was indicted by federal prosecutors for her alleged role in “Project Lakhta” – a Russian interference operation in political and electoral systems targeting populations in, among other places, the United States – has sued Facebook alleging it is a legitimate news outlet whose Facebook account must be restored. On November 20, 2018, FAN and its sole shareholder, Evgeniy Zubarev, commenced suit against Facebook in the United States District Court, Northern District of
Continue reading...

Sixth Circuit Uses Every Tool in the Box To Build Case for Coverage for Defrauded Policyholder

July 12, 2018, we reported on the Medidata decision handed down by the Second Circuit in which the court found coverage for a claim resulting from social engineering fraud. We suggested the ruling in Medidata lacks persuasive power due to its unusual factual circumstances and atypical policy language. The Sixth Circuit’s decision in American Tooling Center, Inc. v. Travelers Casualty & Surety Co. of America, No. 17-2014, 2018 WL 3404708 (6th Cir. July 13, 2018), will have more persuasive power, but due to…
Continue reading...

Second Circuit’s Decision Upholding Social Engineering Fraud Coverage Likely a Paper Tiger

In a case closely monitored by the insurance industry, the Second Circuit upheld in a non-precedential summary order a New York federal district court’s summary judgment finding coverage under the computer fraud coverage of a commercial crime policy. Medidata Solutions, Inc. v. Fed. Ins. Co., No. 17-2492, 2018 WL 3339245 (2d Cir. 2018). Although the policyholders are apt to tout the decision as a seismic victory, the atypical policy language and factual circumstances should greatly limit its persuasive value. As background, the insured, Medidata…
Continue reading...

Fifth Circuit Shops for Implicit Allegations Wrongdoing Against Liquor Store Chain To Avoid Policy Exclusion

The Fifth Circuit Court of Appeals in Spec’s Family Partners, Ltd. v. Hanover Insurance Co. (No. 17-20263, Jun. 25, 2018), afforded a contractual liability exclusion a narrow interpretation to deny an insurer judgment in its favor.  The coverage litigation resulted from Hanover Insurance Company’s (Insurer) refusal to pay Spec’s Family Partners’ (Spec’s) litigation costs in connection with a payment card industry (PCI) liability dispute between Spec’s and First Data Merchant Services, LLC (First Data) following a data breach. The Spec’s credit card network had been…
Continue reading...

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease and desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. §…
Continue reading...

No More Chits to Call In: Computer Crime Policy Does Not Cover Fraudulent Transaction

In Interactive Communications International, Inc. v. Great American Insurance Company, a lawsuit closely monitored by those in the cyberinsurance space, the Eleventh Circuit affirmed a Georgia federal court’s decision, finding an insurance policy’s “Computer Fraud” coverage did not extend to certain losses caused by fraudsters. The decision comports with other recent decisions finding that social engineering fraud schemes do not satisfy the policy’s requirement of losses resulting directly from the use of a computer. Here, the devil was in the details. InComm operated a…
Continue reading...