New York

New 2023 Legislative Proposals Could Reshape the Biometric Privacy Landscape

By Kyle Fath, Kristin Bryan, David Oberly & Caroline Dzeba on February 18, 2023

Posted in Biometric, Biometric data, Biometric Information Privacy Act (BIPA), Biometric Privacy Act, BIPA, BIPA, General, New York, Privacy, US

New Year, New Bills

As Privacy World reported, 2022 saw a plethora of class action litigation stemming from alleged non-compliance with the well-known Illinois Biometric Information Privacy Act (“BIPA”). At the same time, due to concerns about companies using biometrics in a safe and responsible manner, lawmakers from coast to coast also attempted (albeit…

Madison Square Garden’s Use of Facial Recognition Software to Create “Enemy Ban” For Adverse Attorneys Draws Scrutiny, Reflects Changing Uses of Biometric Software

By Kristin Bryan, Christina Lamoureux, David Oberly & Lauryn Durham on February 1, 2023

Posted in Biometric, Biometric data, Biometric Privacy Act, Cybersecurity, Data Privacy, General, New York, New York, Privacy, US, US

While Madison Square Garden might normally make headlines for musical artists or sporting events, the venue’s parent company, MSG Entertainment, has been in the spotlight following media and regulator attention regarding its use of facial recognition technology to ban certain individuals from its venues. Read on to learn more and its implications for other uses…

Xavier Balderas Cejudo, Unsplash

BREAKING: Former Uber CSO Convicted of Criminal Obstruction and Concealment of a Felony for 2016 Data Breach Cover Up

By Kristin Bryan & Sasha Kiosse on October 5, 2022

Posted in Attorney General, California, CCPA, Class Action, Cloud, Colorado, Compliance, Connecticut, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Florida, FTC, General, Illinois, Litigation, Massachusetts, New York, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Ransomware, SEC, Texas, US, Utah, Virgina, Washington, Wisconsin

After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).

Recall that back in 2016, two hackers stole data…

CPW Week in Review

By Kristin Bryan on September 19, 2022

Posted in AI, American Data Privacy and Protection Act (ADPPA), Arbitration, Article III, Artificial Intelligence, Biometric, BIPA, California, California Attorney General, California Invasion of Privacy Act, California Privacy Protection Agency, California Privacy Rights Act, California Privacy Rights Act (CPRA), Capture or Use of Biometric Identifier Act (CUBI), CCPA, Colorado, Colorado Privacy Act, Compliance, Connecticut, Connecticut Privacy Act (CTPA), Consumer Protection, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Delaware, Digital Advertising, Digital Markets, Digital Markets Act, Digital Technology, Discovery, DPO, DPPA, Events, FCC, FDCPA, Federal Communications Commission, Federal Question, Florida, FTC, GDPR, HIPAA, ICO, ICO, Idaho, Illinois, Injury in Fact, Litigation, Multidistrict Litigation, New York, Ohio, Privacy Litigation, Ransomware, SEC, Settlement, Standing, TCPA, Team News, Texas, UK, US, Utah Consumer Privacy Act (UCPA), Virginia Consumer Data Protection Act (VCDPA), Virtual Try-On (VTO), Washington, Webinar, Wisconsin, Women in Data

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly…

No Injury = No Article III Standing in Data Breach Class Action

By Amy Doolittle on August 5, 2022

Posted in Article III, Class Action, Data Breach, Litigation, New York, Standing

As we have discussed here at CPW, one of the biggest challenges facing a plaintiff in a data breach class action is to establish an injury from the alleged data breach. Earlier this week, in David De Midicis v. Ally Bank & Ally Fin., Inc., 2022 U.S. Dist. LEXIS 137337 (S.D.N.Y. Aug. 2, 2022), the …

New York Department of Financial Services Slaps Robinhood Crypto with $30 Million Fine for Cyber Compliance Failures

By Shea Leitch & Gicel Tomimbang on August 3, 2022

Posted in California, Colorado, Connecticut, Cybersecurity, Cybersecurity, Litigation, New York, Virgina

On August 1, the New York State Department of Financial Services (“NYDFS” or “DFS”) announced a Consent Order and $30 million fine against Robinhood Crypto, LLC (“RHC”), the wholly-owned cryptocurrency trading unit of the popular investing app by Robinhood Financial LLC. In the Order, NYDFS alleges RHC failed to comply with NYDFS rules pertaining to…

T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims

By Kristin Bryan on July 27, 2022

Posted in Article III, California, California Privacy Rights Act, Class Action, Class Certification, Colorado, Compliance, Connecticut, Consumer Protection, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Florida, General, Illinois, Injury in Fact, Litigation, Multidistrict Litigation, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Removal, Settlement, Standing, US, Utah, Virgina, Washington

In a record-setting proposed settlement filed last week, T-Mobile has agreed to pay $350 million and boost its data security by $150 million over the next two years to resolve multidistrict litigation brought by T-Mobile customers whose data was allegedly exposed in a 2021 data breach. Read on for the terms of the settlement, which may serve as a model in other high stakes data security cases going forward.

Recall that in August 2021, T-Mobile disclosed that it had been the victim of a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information the “Data Event”). By T-Mobile’s account, no “customer financial information, credit card information, debit or other payment information” was exposed in the attack. Nevertheless, over 40 putative class action claims were filed seeking damages for the improper disclosure of Plaintiffs’ personal information. In December 2021, the Judicial Panel on Multidistrict Litigation transferred and centralized the putative class actions into the MDL standing before the Western District of Missouri.…

Continue Reading T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims

Carnival Cruise Line and 46 State Attorneys General Reach $6 Million Dollar Settlement Over 2019 Data Breach

By Kristin Bryan on July 27, 2022

Posted in California, Class Action, Colorado, Compliance, Connecticut, Cybersecurity, Data Breach, Data Privacy, Florida, Illinois, Litigation, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Settlement, US, Virgina, Washington

Special thanks to our Summer Associate, Nyet Abraha, for her work on this blog.

Carnival Cruise Line, one of the largest international cruise lines, has agreed to pay $6 million to resolve claims brought by state attorneys general in response to a 2019 data breach. In March 2020, Carnival reported a data breach that compromised…