Internet Privacy Class Actions

In today’s cyberworld, operating in online and social media can put companies in a special class. Unfortunately, that class could mean a class action lawsuit. Websites and social media provide search engines, website operators, and advertisers powerful ways to obtain and monetize data about users. Jimmy Nguyen explores how this power has triggered public and governmental concern about consumers’ online privacy, even leading to a Wall Street Journal investigative report in August 2010 and a wave of class action lawsuits. To read more, click here.

So When Did Protecting Privacy Become Unconstitutional?

Posted by Thomas Jeffry

The clash between privacy advocates and those companies who make millions of dollars collecting and selling data about pharmaceutical prescription patterns was perhaps inevitable. When the State of New Hampshire passed the Prescription Confidentiality Act last year, leading health information brokers were quick to challenge the law which prohibited prescription information records which contain identifiable data about a patient or prescriber from being transferred, licensed, sold, or used for most commercial purposes. The Act specifically precluded the use of prescriber-identifiable data for "physician detailing" used by pharmaceutical companies to track the prescribing-habits of physicians in order to target individual sales pitches to such physicians.

Continue Reading...

California's Constitutional Right to Privacy is Limited by Statutory Litigation Privilege

By Rory Eastburg

On April 5, 2007, a unanimous state Supreme Court ruled that California’s litigation privilege extends to claims based on the state’s constitutional right to privacy.  While conceding that the statutory privilege would have to yield to the constitutional privacy right if the two conflicted, the court concluded that “the statutory and constitutional provisions are not in conflict; they can and do coexist.”

Continue Reading...

Red Hook: Not Just a Micro-Brewery in the Pacific Northwest Any Longer

Posted by Kaustuv M. Das

On Tuesday, Oct. 3, 2006, the Electronic Freedom Foundation’s FLAG project filed a Freedom of Information Act (FOIA) action Freedom of Information Act (FOIA) action, in the United States District Court for the District of Columbia, seeking release of information from the FBI on its DCS-3000 and Red Hook tools. DCS-3000 and Red Hook appear to be successors to the FBI’s less politically correctly named Carnivore program, which the agency began in 2000.

According to the DOJ’s Office of Inspector General’s (OIG) report entitled “The Implementation of the Communications Assistance of Law Enforcement Act” (the CALEA report), the FBI has spent nearly $10 million to develop DCS-3000. “The FBI developed the system as an interim solution to intercept personal communications services delivered via emerging digital technologies used by wireless carriers in advance of any CALEA solutions being deployed. Law enforcement continues to utilize this technology as carriers continue to introduce new features and services.” (CALEA report, Appendix VIII.) The CALEA report also discloses that “[t]he FBI has spent over $1.5 million to develop [the Red Hook] system to collect voice and data calls and then process and display the intercepted information in the absence of a CALEA solution.” Id.

Continue Reading...

Decisions, Decisions: NSA Letters and Apple Blogger Cases Decided

Posted by Bruce Johnson

Last week saw two very important privacy opinions, from opposite sides of the country.

First, on May 23, 2006, the Second Circuit dismissed (without reaching the merits) two appeals involving so-called "National Security Letters" -- unilateral notices from the United States Government demanding certain information from internet service providers, librarians, and others and commanding the recipient not to communicate the fact of the NSL to "any person" -- in Doe v. Gonzales, because of the effect of recent amendments to the USA Patriot Act. (The changes specified that an NSL may now be reviewed by a court and explicitly allowed those who receive the letters to inform their lawyers about them -- and, so, the cases were sent back to the trial courts for further proceedings.)

Continue Reading...

The Risks of Using Service Providers to Store Confidential Information

Posted by Kraig Baker

Declan McCullagh reports that the FTC issued a subpoena to Google for all contents of a user's Gmail account, including deleted e-mails. The subpoena relates to a fraud claim. As more and more small businesses and independent contractors choose to use Google products to save money and to facilitate portability, few of them are thinking about the privacy and security implications of turning over control of these materials to Google -- who may have markedly different interests when responding to the government or a party in litigation. It seems inevitable that we will continue to see subpoenas for not only search results and web-surfing results -- issues where the user is using a third party provider to facilitate the use and, therefore, seems potentially public -- but also for e-mail and stored files which feel different in kind to most people and, therefore, for which users will have a higher expectation of privacy.

NH Court: Right of Access Trumps Personal Privacy

Posted by Brian Bennett

The New Hampshire Supreme Court recently held that financial information a person discloses in divorce cases is not subject to privacy law protection. The court held that there is a constitutional right of access to court records including financial affidavits filed in domestic relations cases, and that this public right arises from "the need to maintain the integrity and accountability of the judiciary."

Continue Reading...

Merchant Bank May be Liable for Costs to Replace Hacked Visa Cards

Posted by Randy Gainer

The United States District Court for the Middle District of Pennsylvania ruled on October 18, 2005, that the bank that processed credit and debit card transactions for BJ's Wholesale Club, Inc. may be liable for the costs that a credit union incurred to replace compromised cards. The ruling came in a lawsuit filed by the Pennsylvania State Employees Credit Union against Fifth Third Bank and BJ's after data thieves hacked into BJ's computers and downloaded credit and debit card data that BJs obtained when it processed card used at its stores. The thieves used the stolen data to create fraudulent cards and used the cards to make purchases. The credit union replaced the cards after cardholders and Visa notified the credit union of the fraudulent charges. The credit union spent about $100,000 to replace more than 20,000 cards.

Continue Reading...

Seventh Circuit Breaks with Other Appeals Courts to Find Federal Jurisdiction for Consumer Junk Fax Suits

Posted by Ronald London

The U.S. Court of Appeals for the Seventh Circuit, which sits in Chicago and encompasses Illinois, Indiana and Wisconsin, recently issued a decision in Brill v. Countrywide Home Loans, Inc., No. 05-8024, holding that federal courts may hear lawsuits arising out of consumer claims for redress under the Telephone Consumer Protection Act ("TCPA"), which regulates unsolicited commercial faxes and phone calls. The Seventh Circuit breaks with six other federal courts of appeal that have held jurisdiction over such consumer claims lies exclusively in state court and cannot be lodged in or removed to federal court. The Seventh Circuit decision is significant in that it creates the kind of "split" among circuits that often forms the basis for the Supreme Court to exercise discretionary review, and because it is the first federal appeals court TCPA decision that post-dates the Class Action Fairness Act of 2005.

Continue Reading...

California Court Orders Discovery To Determine Whether Visa and MasterCard Fall Under California's Data Breach Notification Statute

Posted by Min Lee

San Francisco Superior Court Judge Richard Kramer has ordered Visa and MasterCard to disclose the nature of their relationship with CardSystems, the payment processor whose computer systems were breached sometime between August 2004 and May of this year, exposing about 40 million credit and debit accounts to potential abuse. The Judge explained that the information would clarify whether the two credit card companies are subject to the individual notification requirements of California's data breach statute, California Civil Code ㋔ 1798.82, which obligates "[a]ny person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, [to] disclose any breach of the security of the system following discovery ... to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." Cal. Civ. Code ㋔ 1798.82(a).

Continue Reading...

California Court Rules that Personal Notification Not Required in CardSystems Data Breach Case

Posted by K.M. Das

In one of the first tests of the notice provisions of California's data breach statute — Senate Bill 1386 (codified at California Civil Code § 1798.82) — San Francisco Superior Court Judge Richard Kramer ruled that Visa and MasterCard do not have to send individual notices to thousands of their customers in California based on the CardSystems data breach that occurred between August 2004 and May of this year.

Continue Reading...

Wireless Provider Sues Telemarketing Firms

What can a wireless provider do to stop telemarketers from illegally soliciting their customers? By bringing suit against the telemarking firms for an injunction and monetary damages in the Superior Court in Sacramento, CA and the Superior Court in Somerville, NJ, Verizon Wireless claims that it is "standing up once again for customer privacy rights".

Continue Reading...

Divided Fourth Circuit Upholds FTC Do-Not-Call Rules for Telefunders

Last Friday, the United States Court of Appeals for the Fourth Circuit in Richmond, Va., issued a split 2-1 decision in National Federation of the Blind v. FTC that affirmed a Maryland federal court decision upholding the Federal Trade Commission's rules applicable to calls by for-hire telemarketers on behalf of non-profit entities. The National Federation of the Blind and Special Olympics of Maryland had challenged the rules on constitutional and other grounds, including that they violate the First Amendment and exceed the FTC's statutory authority.

Continue Reading...

Wifi Hijacking Conviction

In the first case of its kind in the UK, a man has been prosecuted for hijacking a wireless broadband connection and has been fined 500 pounds and sentenced to twelve months's conditional discharge. While there have been several convictions for theft of credit card information over wireless networks, this case involved the theft of wifi signals for something as pedestrian as browsing the Internet. Considering the fact that in the United States there are millions of wifi users and that it is relatively easy to use a neighbor's signal even for users who have virtually no technical expertise, it may only be a matter of time before a litany of cases like this appear in U.S. courts.

Posted by Steve Chung

Court Upholds Use of Spam-Blocking Software

Yesterday, August 2nd, the U.S. Court of Appeals for the Fifth Circuit issued a decision in the case of White Buffalo Ventures, Inc. v. University of Texas at Austin, holding that the University of Texas didn't violate the constitutional rights of an online dating service when it applied UT's general anti-solicitation policy and blocked thousands of unsolicited emails.

Continue Reading...

Damages Still Required for Data Breach Litigation

With the continuing escalation of data breaches, many believe that private litigation in this area will explode over the coming months. In a recent decision in New York, however, a federal judge ruled that JetBlue Airlines passengers will not be able to recover based on the Airlines' unauthorized disclosure of passenger data to companies working on a federally-funded study of aviation security. The court held that, even though JetBlue violated its own privacy policy, passengers would still be required to show that they suffered harm as a result of the breach . . . and in this case they could not, the court concluded.

Posted by Merrill Baumann