The Supreme Court has issued its much anticipated opinion in Spokeo Inc. v. Robins, No. 13-1339, 578 U.S. ___ (2016) (click here for a prior post detailing the procedural history and case background). The Supreme Court granted certiarori in Spokeo to determine whether a bare violation of a statute – the Fair Credit Reporting Act […]
Litigation
FTC and Wyndham Settle Data Security Allegations
On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between […]
FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD
A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space. The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient […]
Third Circuit Affirms FTC’s Authority to Regulate Data Security
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Target, MasterCard Settlement Allowed to Proceed
The court in In re: Target Corporation Customer Data Security Breach Litigation (D. Minn. MDL No. 14-2522) today entered an order denying the plaintiffs’ motion to enjoin a settlement between MasterCard and Target stemming from the 2013 security breach of Target’s systems. The parties had agreed that Target would pay MasterCard $19 million for damages […]