Privacy & Cybersecurity Litigation

Anthem Settles Data Breach Litigation for Record-Setting $115M

June 27, 2017 By Andrew Liebler

Health insurance giant Anthem, Inc. agreed to the largest data breach settlement to-date last week, ending multi-district consumer litigation over a 2015 data breach for $115 million. The data breach, which resulted from a hacker-orchestrated cyberattack following the theft of an employee password, exposed personally identifiable information (“PII”) and protected health information (“PHI”) of nearly […]

Northern District of Illinois Dismisses Barnes & Noble Data Breach Lawsuit

June 19, 2017 By Gavin Reinke

Earlier this month, the United States District Court for the Northern District of Illinois entered an order dismissing with prejudice a putative class action concerning a security breach affecting PIN pad devices at numerous Barnes & Noble locations. The lawsuit, In re Barnes & Noble Pin Pad Litigation, No. 12-cv-8617 (N.D. Ill.), was brought by […]

Data Monetization and State Privacy Laws

June 15, 2017 By Privacy, Cyber & Data Strategy Team

On June 8, magazine publisher Trusted Media Brands, Inc. settled a class action lawsuit for $8.2 million after purportedly disclosing the personal information and magazine choices of customers to third parties. The lawsuit, Taylor v. Trusted Media Brands, Inc., No. 7:16-cv-01812 (S.D.N.Y. June 8, 2017), alleged that the publisher’s actions violated Michigan’s Video Rental Privacy […]

France adopts new regime for privacy class actions

December 13, 2016 By Privacy, Cyber & Data Strategy Team

A few weeks ago, France passed the Digital Republic Act which significantly enhances French citizens’ rights to privacy by offering new avenues to exercise rights and granting new powers to the French data protection authority. A recent amendment to the Data Protection Act, adopted November 18, 2016, goes a mile farther and introduces a new […]

ECJ Declares IP Addresses are Personal Data

October 19, 2016 By Daniel Felz

Today, the European Court of Justice (ECJ) issued its long-awaited decision in Breyer v. Germany. Breyer addresses the question of whether IP addresses are “personal data” for purposes of EU data protection law. As is widely known, personal data is any information that would permit a particular individual to be identified, whether directly or in […]