Illinois

Recently, the United States Court of Appeals for the Seventh Circuit, in a unanimous decision, prevented plaintiffs from imposing massive liability on a company accused of violating the Illinois Biometric Information Privacy Act (“BIPA”) and held that Illinois’ 2024 amendment decreasing BIPA damages applies retroactively.

Continue Reading Seventh Circuit Holds Amendment Decreasing BIPA Exposure Applies Retroactively

Mass arbitrations—where a plaintiffs’ firm brings dozens, hundreds, or thousands of identical claims against a business—are a mechanism that the plaintiffs’ bar has increasingly relied upon in the past few years. This is because mass arbitrations enable a plaintiffs’ firm to create settlement pressure by leveraging unavoidable arbitration fees borne by a business regardless of the merits of the claims filed. Further powered by litigation funding, plaintiffs’ firms have used the mass arbitration device to bring vexatious claims and escape review of the merits or any downside risk.

Continue Reading 2025 Mass Arbitration Year in Review

In early October, a federal court in the Northern District of Illinois refused to dismiss a privacy lawsuit brought against a healthcare website operator for claims under the Electronic Communications Privacy Act (ECPA). The court held that the plaintiff plausibly alleged that Defendant violated the Health Insurance Portability and Accountability Act (HIPAA) by revealing to a third party that she clicked on the login button to the healthcare provider’s patient portal, and, as a result, disclosed her individually identifiable healthcare information—even though no third-party data collection tools were installed on the patient portal itself. Hartley v. Univ. of Chi. Med. Ctr., Case No. 22-cv-5891, 2025 WL 2802317 (N.D. Ill. Oct. 1, 2025). However, at the same time, the court dismissed certain claims arising out of Plaintiff’s use of a “find-a-physician feature,” rejecting the full scope of Plaintiff’s theories. On balance, this decision unfortunately broadens the scope of potential liability under the ECPA and will likely result in ECPA suits being brought against website operators in the healthcare sector.

Continue Reading Federal Court Holds That Button-Click Data From Public Website Can Disclose Patient Status in Violation of the ECPA

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2024 Data Privacy Thought Leadership Series

The Trade Practitioner Blog Features Post on Key Takeaways from the Proposed August 2024

SPB’s Gabrielle Martin authored a piece on the recently passed Illinois HB 3773. The bill amends the Illinois Human Rights Act to protect employees against discrimination from, and require transparency about, the use of AI in employment-related decisions. Head over to Employment Law Worldview for an in-depth discussion of the bill, including a contrast

Australian Privacy Regulator Commences Penalty Proceedings Against Medibank | Privacy World

Guidance on how Ofcom and the ICO intend to

Singapore Publishes Generative AI Model Governance Framework | Privacy World

FCC Chair Proposes Investigation of Potential Disclosure Requirements for AI-Generated

Last week, the Illinois House of Representatives joined the Illinois Senate in passing amendments to the state’s Biometric Information Privacy Act (“BIPA”) to limit the scope of possible damages for violations of BIPA. As covered extensively here on PW, last year in Cothron v. White Castle, the Illinois Supreme Court held that an individual person accrues a separate statutory claim each time a defendant collects or discloses the individual’s biometric information in violation of BIPA. While the dissent in Cothron accurately observed that the combination of statutory damages and “per-scan” accrual meant that businesses could face “punitive, crippling liability . . . wildly exceeding any remotely reasonable estimate of harm,” the Cothron majority determined that “concerns about potentially excessive damage awards under the Act are best addressed by the legislature.”

Continue Reading Illinois Legislature to Amend BIPA to Overrule Illinois Supreme Court Damages Decision

The Illinois Genetic Information Privacy Act, 410 ILCS 513/1, et seq. (“GIPA”), which was passed in 1998 and amended in 2008, had until recently received little attention from the plaintiffs’ bar. That changed last August, after a court granted certification in a federal GIPA class action involving alleged unauthorized disclosure of consumers’ genetic information to unknown third-party developers by a website that sold DNA analysis reports. See Melvin v. Sequencing, LLC, 344 F.R.D. 231, 233 (N.D. Ill. 2023). Over 50 GIPA cases were filed in 2023 alone in the wake of that ruling, with many more now pending in Illinois state and federal courts. As this litigation trend continues almost a year following the granting of class certification in Melvin, companies are asking: what is GIPA, are we subject to it, and what should we do to mitigate litigation risk?  Employers, insurance companies, and others that collect health- and genetic-related information should read on to learn more.

Continue Reading Employers and Insurance Companies Continue To Be Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act

Notes from the Asia Pacific Region, December 2023 | Privacy World

Singapore to Amend Cybersecurity Law | Privacy World

The