Photo of Brian J. Willett

While the United States Supreme Court’s ruling in Spokeo v. Robins, 136 S. Ct. 1540 (2016), has garnered much attention after being cited by numerous courts as a means to dismiss data privacy class actions, defendants should never count out any potential avenues for exiting such a suit; in Pennsylvania (and in many other states following the same legal principle), the economic loss doctrine can also provide summary relief.  As demonstrated in Longenecker-Wells, et al. v. Benecard Services, Inc., et al., No. 15-3538, 2016 WL 4474701 (3d Cir. Aug. 25, 2016), even in data breach suits where actual harm exists and plaintiffs have standing, a quick dismissal is still possible.

The Benecard suit was initiated by former employees and customer members of Benecard Services Inc., which provides medical and vision supply services to public and private organizations.  Plaintiffs sued after unknown third parties breached Benecard’s computer system and accessed plaintiffs’ personal and confidential information.  The hackers then used that information to file fraudulent tax returns, which caused the IRS to issue tax refunds to the third parties rather than to the plaintiffs. 
Continue Reading Third Circuit Dismissal Affirmance Based on Economic Loss Doctrine Shows Spokeo Shouldn’t Be Your Only Data Breach Class Action Exit Strategy

In a case demonstrating the difficulties of applying long-established but arguably outdated legal principles to modern technology, the United States Court of Appeals for the Third Circuit last week reversed itself to permit a Philadelphia firefighter’s defamation and false light claims to go forward, based on the inclusion of his photograph in an online article describing a sex scandal. The court concluded upon considering the firefighter’s arguments for the second time that, in the context of an online article accompanied by pictures, specifically naming and showing an individual was sufficient to establish that an article was “of or concerning” that individual for purposes of a defamation or false light claim.  However, the Third Circuit affirmed its prior dismissal of the plaintiff’s intentional infliction of emotional distress claim, finding that being implicated in a sex scandal did not rise to the level of being “extreme or outrageous.”

Central to the claims in the case was an article published on the New York Daily News website describing a sex scandal in which “dozens of firefighters were accused of scandalous behavior.”  The text of the article appeared on the right column, while the left column contained two pictures readers could toggle between; one was a silhouette of an unnamed firefighter, while the other was of plaintiff and stated, “Philadelphia firefighter Francis Cheney holds a flag at a 9/11 ceremony in 2006.”  This was the only reference to a specific firefighter in that article and on the following day, the Daily News published an additional article regarding the scandal but did not include the Cheney photograph.
Continue Reading Third Circuit Finds Photo Placement Sufficient to Permit Defamation, False Light Claims to Go Forward in Suit Alleging Harm from Firefighter Sex Scandal Story

In an instructive opinion on how intangible harms can cause injuries sufficient to confer standing on plaintiffs—and a rare example of the U.S. Supreme Court’s latest ruling on standing aiding plaintiffs—a West Virginia federal court ruled June 30 that computer-dialed telemarketing calls caused concrete, particularized privacy invasions such that plaintiff’s Telephone Consumer Protection Act (“TCPA”) putative class action claim could move forward.

The ruling in Mey v. Got Warranty, Inc., et al., No. 5:15-cv-00101 (N.D. W.Va. June 30, 2016) provides a contrast to the growing number of dismissals issued by courts across the country finding that, after the U.S. Supreme Court’s opinion in Spokeo v. Robins, 136 S. Ct. 1540 (2016), plaintiffs in various cases failed to allege concrete, particularized injuries sufficient for Article III standing.1   Because of this, it may provide guidance for plaintiffs—particularly in the area of technology-related statutes and data breaches, where standing is often an issue—on how to avoid summary dismissal of their claims.  Given the court’s detailed opinion, the import of the holding may extend well beyond the context of the case, in which plaintiff alleged she received numerous robocalls in violation of TCPA provisions barring autodialed, prerecorded messages and calls to those on the National Do Not Call Registry.Continue Reading Federal Court Finds Intangible Harm Caused by Robocalls Sufficient for Post-Spokeo Standing in TCPA Claim Alleging Privacy Invasion

In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June

In an encouraging development for data breach defendants, the Superior Court of Pennsylvania recently affirmed a trial court decision rejecting class certification in a suit filed against two Medicare programs for losing a flash drive containing personal information of 286,000 subscribers. The appellate court found that since the Philadelphia Court of Common Pleas “carefully considered the numerosity, typicality, adequacy of representation, and fair and efficient method of adjudication requirements for class certification,” it had not abused its discretion by denying class certification in March 2015.  More broadly, the decision (Baum v. Keystone Mercy Health Plan, et al., No. 1250 EDA 2015 (Pa. Super. April 26, 2016)) indicates a resistance to permitting class claims to move forward where members have not suffered an ascertainable loss and where individual issues predominate, which may be the case in many data breach suits.
Continue Reading Superior Court of Pennsylvania Denies Data Breach Class Certification

In a decision that underscores the importance of carefully considering company computer-use policies and permissions, the United States District Court for the Middle District of Florida held last month that a company could not maintain a Computer Fraud and Abuse Act (“CFAA”) claim against a former employee because the company had given the employee “unfettered

In a favorable decision for defendants in data breach litigation, the Pennsylvania Court of Common Pleas of Allegheny County held that the economic loss doctrine prevented the negligence claim of a group of former and current UPMC employees from going forward in their suit arising out of the theft of information from UPMC’s computer systems.