Mooting Class Actions by Offer of Judgment – Episode 2: The Ninth Circuit Strikes Back

In Campbell-Ewald v. Gomez, 136 S. Ct. 663 (Jan. 20, 2016), the Supreme Court resolved a split among courts and held that an unaccepted settlement offer of complete individual relief does not moot the plaintiff’s lawsuit.  However, the Court expressly left open the question of “whether the result would be different if a defendant deposits the full amount of the plaintiff’s individual claim in an account payable to the plaintiff, and then the court enters judgment for the plaintiff in that amount.”  136 S. Ct. at 672.  Continue Reading

Back at it Again (with the Standing Opinions): Seventh Circuit Reiterates Article III Standing in Data Breach Class Actions

On July 20, 2015, the Seventh Circuit issued its opinion in Remijas v. Neiman Marcus Group, 794 F. 3d 688 (7th Circ. 2015), which immediately became the low-water mark for Article III standing in data breach cases.  In short, Remijas became the first Circuit decision to expressly and expansively recognize that risk of future injury and time and money spent protecting against identity theft as a result of a data breach were sufficient to confer Article III standing.

Continue Reading

Mooting Plaintiff’s Class Action Even After Plaintiff Refuses An Offer Of Judgment

For years, litigants have battled over whether a defendant’s offer of judgment, which completely satisfies the plaintiff’s individual claim, can moot a class action. In Campbell-Ewald v. Gomez, 136 S. Ct. 663 (2016), the U.S. Supreme Court recently held that no case is mooted when a plaintiff refuses to accept an offer of judgment.  The Supreme Court, however, left open the question of what happens when a defendant follows through with its offer by tendering complete individual relief, depositing the monetary relief with the court, and moving for entry of judgment. Continue Reading

Be Alert: Ransomware Attacks on the Rise

Big name companies, government agencies and individuals are all falling victim to “ransomware” attacks in record and still-rising numbers. Recently, Hollywood Presbyterian Hospital’s communications capabilities were disabled for 10 days before the hospital paid a ransom of 40 bitcoins – about $17,000 – and regained access to its system. And this week Medstar Health, a system of ten major hospitals in the Washington, DC area, reportedly suffered a similar attack. All this activity has led experts to label 2016 as “the year of ransomware.”  And this new form of cyberattack requires a different approach to cybersecurity and incident recovery than your data breach prevention plan. Continue Reading

EU-US Privacy Shield: Brace Yourself . . . or Maybe Not

On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. companies to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog. Continue Reading

To Share or Not to Share (with the Government)? That is the Question: DHS Announces Interim Guidelines for Sharing Cyber Threat Indicators

On February 16, 2016, Secretary of Homeland Security Jeh Johnson announced interim guidelines and procedures for sharing cyber threat indicators under the Cybersecurity Information Sharing Act of 2015 (“CISA”). Because the guidelines are voluntary, the next question is, Should your company share information with the Government? Continue Reading

EU-US Privacy Shield: Still Awaiting Certainty

The European Perspective

Privacy activists across Europe raised their data protection banner following the announcement by EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová on Tuesday 2 February 2016 that a political agreement had been reached between the EU and the US on a new framework for handling transatlantic data flows. This does not bode well, especially because the exact content of the new agreement which will replace the “Safe Harbour” mechanism is still unknown. We will expand on the indications provided by the Commissioner on some of the negotiated protection mechanisms. More importantly, we will highlight the risks that over 4.000 companies, mainly US tech companies, still face and the measures they should put in place to ensure compliance with EU data protection rules. Continue Reading

Tag, You’re It: Biometric Information Privacy Act Class Action Against Shutterfly Moves Past 12(b)(6)

Over the last six months, at least four putative class actions have been filed under the Biometric Information Privacy Act (“BIPA”)—an obscure Illinois statute passed about seven years ago to regulate the collection and use of consumers’ biometric information.  In relevant part, the BIPA requires entities in possession of biometric information (i.e., retina scans, fingerprints, voiceprints, etc.) to retain a specific written policy governing data retention and to collect written consent from consumers before collecting biometric information. Continue Reading

Not Taking “Yes” For An Answer: U.S. Supreme Court Rules That Unaccepted Offer Of Complete Individual Relief Does Not Moot Plaintiff’s Individual Or Class Action Claim

On January 20, 2016, in a highly anticipated decision (see October 27, 2015 blog) that will have implications for class action practice nationwide, the U.S. Supreme Court ruled that an unaccepted offer of judgment sufficient to completely satisfy an individual claim does not moot that claim or any class claim. The Supreme Court’s decision partially resolves a vigorously contested question of constitutional law that has been the subject of great dispute among federal Courts of Appeals for the last decade—whether a Rule 68 offer of judgment for complete relief deprives a court of Article III jurisdiction to hear only a “case or controversy.”  In a 6-3 decision, the Supreme Court held that a live case and controversy still exists when a plaintiff refuses to accept an offer of judgment.  In so holding, however, the Supreme Court suggested that it might reach a different decision if a defendant deposits funds sufficient to satisfy the plaintiff’s individual claims, and then obtains a judgment from the trial court in this amount.        Continue Reading

Government Forces Awaken: The Rise of Cyber Regulators in 2016

As the sun sets on 2015, but before it rises again in the New Year, we predict that, in the realm of cyber and data security, 2016 will become known as the “Rise of the Regulators.” Regulators across numerous industries and virtually all levels of government will be brandishing their cyber enforcement and regulatory badges and announcing: “We’re from the Government and we’re here to help.” Continue Reading

LexBlog