Article III

2023 was another busy year in the realm of data event and cybersecurity litigations, with several noteworthy developments in the realm of disputes and regulator activity.  Privacy World has been tracking these developments throughout the year.  Read on for key trends and what to expect going into the 2024.

Growth in Data Events Leads to Accompanying Increase in Claims

The number of reportable data events in the U.S. in 2023 reached an all-time high, surpassing the prior record set in 2021.  At bottom, threat actors continued to target entities across industries, with litigation frequently following disclosure of data events.  On the dispute front, 2023 saw several notable cybersecurity consumer class actions concerning the alleged unauthorized disclosure of sensitive personal information, including healthcare, genetic, and banking information.  Large putative class actions in these areas included, among others, lawsuits against the hospital system HCA Healthcare (estimated 11 million individuals involved in the underlying data event), DNA testing provider 23andMe (estimated 6.9 million individuals involved in the underlying data event), and mortgage business Mr. Cooper (estimated 14.6 million individuals involved in the underlying data event). Continue Reading 2023 Cybersecurity Year In Review

As courts throughout the country wrestle with Article III standing in Session Replay Code cases alleging violations of wiretapping laws, consumer protection statutes and privacy torts, another federal court from the Eastern District of Missouri has joined those recently holding that a plaintiff must allege the sharing of some type of personal or sensitive information on the website in question in order to adequately alleged a concrete harm supporting Article III standing. Where the plaintiff failed to do so, the Court found Plaintiff failed adequately allege a concrete harm and dismissed her putative class action complaint for lack of standing in Adams v. PSP Group, LLC, No. 4:22-CV-1210 RLW, 2023 WL 5951784, — F. Supp.3d —- (E.D. Mo. September 13, 2023).Continue Reading Missouri Federal Court Declines to Transfer Case to Join Session Replay Class Actions in Washington and Dismisses Case for Plaintiff’s Failure to Allege Standing

2022 was another year of high activity and significant developments in the realm of artificial intelligence (“AI”) and biometric privacy related matters, including in regard to issues arising under the Illinois Biometric Information Privacy Act (“BIPA”) and others.  This continues to be one of the most frequently litigated areas of privacy law, with several notable rulings and emerging patterns of new activity by the plaintiffs’ bar.  Following up on Privacy World’s Q2 and Q3 2022 Artificial Intelligence & Biometric Privacy Quarterly Newsletters, be sure to read on for a recap of key developments and insight as to where 2023 may be headed.
Continue Reading Privacy World 2022 Year in Review: Biometrics and AI

CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP as well as a featured subject matter expert for LexisNexisChristina Lamoureux, and Margaret Booz have co-authored a new chapter of Lexis Practical Guidance titled “Biometric Privacy and Artificial Intelligence Legal Developments.” In this practice note, they explore emerging legal issues concerning the collection, use, and disclosure of biometric data and artificial intelligence (AI). This includes a discussion of the legal regimes often implicated in lawsuit trends that are likely a harbinger of future litigation, recent developments concerning Article III standing, damages, and class certification and settlement, among other considerations.
Continue Reading Available Now: CPW’s Kristin Bryan, Christina Lamoureux, and Margaret Booz Co-Author Lexis Practice Note on Biometric Privacy and Artificial Intelligence Legal Developments

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority | Consumer Privacy World

Webinar Registration

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly

CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP as well as a featured subject matter expert for LexisNexis, Jesse Taylor and Shing Tse teamed up to co-author a chapter of the Lexis Practical Guidance titled “Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations. In this practice

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Speaker Pelosi Expresses Concerns With Federal Privacy Bill’s Preemption Provision | Consumer Privacy World

The Cookie Crumbles – Lessons

A Seventh Circuit district court recently clarified that a Fair Debt Collection Practice (“FDCPA”) plaintiff may not satisfy Article III’s injury-in-fact requirement by alleging confusion and aggravation, even where a complaint generally alleges actual damages.

In Suxstorf v. Portfolio Recovery Assocs. LLC, Plaintiff brought claims under the FDCPA, 15 U.S.C. § 1692e against Defendant, Portfolio Recovery Associates LLC, a debt collector. In connection with an outstanding debt, Defendant sent Plaintiff a “permanent hardship” letter, in which Defendant offered to pause or cease its collection efforts upon a showing of permanent hardship. Defendant attached to the letter a “Permanent Hardship Request Form,” in which it requested certain consumer information to evidence permanent hardship, including: the consumer’s date of birth, the last four digits of the consumer’s Social Security number, the consumer’s employment status, whether the consumer is receiving unemployment benefits, whether the consumer is receiving Social Security benefits or any other financial assistance from the government, any other sources of income and a description of any financial hardship and the duration of that hardship.

Plaintiff alleged that Defendant’s request for such information was under false pretenses and that the actual purpose of requesting the information was to determine whether to bring suit against the consumer based on the information obtained from the permanent hardship letter. Plaintiff alleged that this practice violated, among other statutes, the FDCPA, 15 U.S.C. § 1692e(10), which prohibits a debt collector from using “any false representation or deceptive means to collect or attempt to collect any debt or to obtain information concerning a consumer.” 15 U.S.C. § 1692e(10). Plaintiff alleges that he was confused and misled by the letter and that he was required to spend time and money investigating the letter and the consequences of his response.  Continue Reading Federal Court Clarifies the Article III Standing Requirement for FDCPA Violations