Litigation

Subscribe to Litigation via RSS
money-7923867_1280

An increasingly aggressive plaintiffs’ bar has brought purported class action suits based on the nearly ubiquitous use of tracking technologies used for website analytics. Although any actual harm to the plaintiffs is difficult to articulate, the health care industry has been plagued by a series of these cases. Now the plaintiffs may be moving to financial services with the potential for statutory penalties of hundreds of dollars per user when a duty of confidentiality can be credibly implicated. 

The tracking tags, pixels and similar website analytics technologies are nothing new. Rather, the technologies at issue in such complaints are widely used on websites and mobile applications across industries, including by government entities, to collect information about user behaviors and interactions with the online platform where they are embedded. That information is then sent to a third party for analytics used to enhance user experience on the platform. Many of these technologies are integral to an organization’s ability to ensure its websites and applications are functioning properly, among other things providing crash reports when users encounter issues. Additionally, many consumer-facing businesses contract with third parties to provide session replay scripts, a software that monitors and records web-user activity such as keystrokes, clicks, and scrolling.  Despite the pervasiveness of these technologies, plaintiffs have seized on ambiguities in the California state wiretap act, known as the California Information Privacy Act, as well as federal wiretap law as the basis for exceptionally large damage demands.Continue Reading Pixel Litigation Risk at Financial Institutions

lady-justice-2388500_1280

The U.S. Department of Justice (DOJ) announced last Wednesday that settlements and judgments under the False Claims Act (FCA) exceeded $2.9 billion in fiscal year 2024—up approximately 5% from last year. DOJ’s announcement underscores its commitment to FCA enforcement, particularly in the healthcare industry and now with increased activity in the areas of pandemic

24_1742_12 Days of Data_Graphic_1029

Data breaches made headlines throughout 2024, affecting governments, health care groups, and telecoms. Follow-on litigation has kept pace. Nearly 4,000 class actions involving data privacy issues are estimated to be filed in federal courts by the end of this year.

Growth in litigation meant that 2024 saw legal developments in several areas including standing to sue and web video suits. Increased attention on cybersecurity and privacy incidents unsurprisingly corresponded with active SEC enforcement and derivative suits related to inadequate data security.Continue Reading Unwrapping 2024’s Key Trends in Data Privacy Litigation

kirk-shannon-capone

On this episode of the R&G Tech Studio podcast, managing principal and global head of advanced E-Discovery and A.I. strategy Shannon Capone Kirk sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how new and ever-evolving technology is impacting her clients, particularly generative AI, and the challenges that arise in litigation and

Following up on announcements of sweeps from late January, last week California Attorney General Rob Bonta announced a settlement with the popular food delivery service DoorDash related to allegations that DoorDash breached the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). The announcement doubles down on the Attorney General’s reiteration that privacy will continue to be priority for his office, while the new California Privacy Protection Agency (CPPA) is getting up to speed.Continue Reading DoorDash and California Attorney General Reach Settlement Over Privacy Allegations

Looking back on 2023, the trend of privacy-based class actions has only increased, and it doesn’t seem poised to halt or even slow down in the new year. Businesses are feeling acutely the threat of future litigation. At the end of 2022, the hundreds of cross-industry respondents to the Annual Litigation Trends Survey cited cybersecurity, data protection, and data privacy as the second-highest ranked area of future concern for class actions, and their concerns turned out to be justified. From peeved Pixel plaintiffs to data breach defendants, class actions abounded this year.Continue Reading Dashing Through 2023’s Privacy Litigation Trends

On this episode of the R&G Tech Studio, litigation & enforcement partner Ama Adams, who’s also the managing partner of Ropes & Gray’s Washington, D.C. office, sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how she helps clients bridge the gap between ongoing national security concerns and the rapidly evolving

Illinois continues to be a hotbed of privacy litigation, in large part due to Illinois’s landmark Biometric Information Privacy Act (BIPA), which was enacted in 2008. Despite the flood of cases in the wake of Rosenbach v. Six Flags Ent. Corp., 2019 IL 123186, 129 N.E.3d 1197 (Ill. 2019), this is only the first BIPA class action lawsuit to proceed to trial. On October 12, 2022, in Richard Rogers v. BNSF Railway Company (Case No. 19-C-3083, N.D. Ill.), a federal jury in Chicago found in favor of a class of more than 44,000 truck drivers who alleged that BNSF Railway Company (BNSF) violated BIPA by unlawfully scanning employee fingerprints for identity verification purposes without giving notice and obtaining their prior written permission. U.S. District Judge Kennelly entered a judgment against BNSF for $228M in damages. This case highlights many important considerations for organizations deploying biometric technologies in Illinois, including the potential for vicarious liability for a vendor’s actions, and provides valuable insight into how damages in BIPA cases are calculated. This decision from the Illinois court demonstrates that defendants can face significant civil liability in BIPA litigation, and companies using or collecting biometric information should be aware of these risks.Continue Reading First-Ever BIPA Trial – Jury Awards Staggering $228M in Damages

LEGAL_supreme court_SS_33353323_XL_rgb copy

On June 24, 2022, the U.S. Supreme Court issued its ruling in Dobbs v. Jackson Women’s Health Organization, overturning Roe v. Wade and holding that there is no constitutionally protected right to abortion. The significance of the decision cannot be overstated. Dobbs not only rolled back the Court’s prior protection of reproductive rights, it also raised still-unanswered questions about the privacy of digital data and could lead to the overturning of other previous Court opinions that are similarly grounded in privacy interests. In sparking such questions, Dobbs appears to have reinvigorated a national conversation regarding the protection of personal information and, more generally, the need for stronger data privacy safeguards in the United States.Continue Reading Four Months after Dobbs, Privacy Concerns Remain in the Spotlight

On October 5, 2022, Joe Sullivan, Uber’s former Chief Security Officer, was convicted of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber.” He faces up to eight years in prison. The conviction marks the first time that an individual company executive has faced criminal charges related to an information security breach.Continue Reading Former Chief Security Officer of Uber Convicted for Mishandling 2016 Data Breach