Photo of Mark S. Melodia

A panel of the Seventh Circuit Court of Appeals (Wood, C.J., Kanne, J. and Tinder, J.) has reversed the dismissal of a data security breach class action lawsuit against luxury department store Neiman Marcus.

This lawsuit stemmed from a hacking incident in which “350,000 cards were potentially exposed; and 9,200 of those 350,000 cards were known to have been used fraudulently.” The company provided notices to consumers and a year of free credit monitoring. A number of class action lawsuits were brought by consumers, consolidated into the lawsuit Hilary Remijas v. Neiman Marcus Group, LLC. “The plaintiffs point to several kinds of injury they have suffered: 1) lost time and money resolving the fraudulent charges, 2) lost time and money protecting themselves against future identity theft, 3) the financial loss of buying items at Neiman Marcus that they would not have purchased had they known of the store’s careless approach to cybersecurity, and 4) lost control over the value of their personal information.”

The trial court dismissed the case for lack of Article III standing under Rule 12(b)(1) and declined to rule on defendant’s Rule 12(b)(6) argument. The Seventh Circuit found that at least some of plaintiffs’ alleged injuries passed Constitutional muster, even under the standards set forth in cases like Clapper v. Amnesty International USA.
Continue Reading Seventh Circuit Revives Data Security Breach Class Action Against Neiman Marcus: Finds Article III Standing In Class Expenses “Resolving Fraudulent Charges and Protecting…Against Future Identity Theft.”

An artist photographed his neighbors through their windows, allegedly without their knowledge.  When the neighbors sued, a New York state court dismissed the case for failure to state a claim.  Now the New York Supreme Court, Appellate Division has affirmed that ruling.  Martha G. Foster, et al. v. Arne Svenson, index number 651826/13, in

The Federal Aviation Administration (FAA) has long been studying the promise and perils of small unmanned aircraft systems (“UAS”), a.k.a. drones. The commercial potential of UAS technology is clear. Businesses are eager to use UAS to do everything from covering traffic accidents to taking real estate and wedding photos to delivering small parcels. However, the

On February 11, Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) announced that they would introduce legislation intended to address the data privacy and security vulnerabilities with Internet-connected cars. The legislation, if passed, would require manufacturers to adhere to a number of security and privacy standards, including the following:

  • Requirement that all wireless access points

Last week, New York Attorney General Eric Schneiderman announced that he would propose a new data security law in his state that would require companies to take increased safeguards for the protection of personal information. The bill, if passed, would broaden the scope of information that companies would be responsible for protecting, and would require

During recent terms, the U.S. Supreme Court has repeatedly embraced mandatory arbitration and class action waivers contained in a wide variety of consumer contracts.  The Court has sided with corporate defendants and elevated the requirements of the Federal Arbitration Act above other legal and policy interests advanced by would-be class representatives and their class action

On 31 July, the chief judge of the Southern District of New York delivered the latest in a series of controversial judgments stemming from a test case brought by Microsoft in an extra-territorial warrant issued under the U.S. Stored Communications Act. In the third ruling on the matter, the court found in favour of the

The British Columbia Supreme Court recently certified a class action against Facebook in connection with its Sponsored Stories program.  Under that program, advertisers paid Facebook for Sponsored Stories, which would in turn generate ads featuring a user’s name and profile picture based on which products and companies the user “liked.”  We previously analyzed a California

In the week commencing 12 May, members of the Global Privacy Enforcement Network (GPEN) will conduct an online privacy sweep, focusing on the transparency with which mobile apps collect personal data.

GPEN is an informal network of 27 Data Protection Authorities (“DPAs”) that was established in 2007. Its members include the UK’s ICO, France’s CNIL,

Last week, the Northern District of California denied a motion for class certification in a multidistrict litigation brought against Google over its alleged practice of scanning Gmail messages in order to serve content-based advertising. In re: Google Inc. Gmail Litigation, 5:13-md-02430 (N.D. Cal.). In sum, the court found that questions relating to whether class