Privacy & Security

This is the latest opinion in the ongoing litigation arising out of a massive data breach suffered by Hannaford Bros. grocery stores. In re Hannaford Bros. Privacy Litigation, __F. Supp. 2d __, Case No. 2:08-MD-1954-DBH, 2013 WL 1182733 (D. Me. Mar. 20, 2013).

On April 3, 2013, the New York Times published an article about commercial databases that contain reports from retail employers about employees who were accused of stealing from their workplaces.

The U.S. Supreme Court unanimously ruled in Standard Fire Insurance Co. v. Knowles, 568 U.S. __, No. 11-1450, 2013 WL 1104735 (Mar. 19, 2013), that plaintiffs attempting to bring a class action lawsuit cannot escape federal jurisdiction by agreeing to seek less than $5 million in damages.

The Supreme Judicial Court of Massachusetts recently held that collecting a consumer's ZIP code at the point of sale may violate Massachusetts General Laws Chapter 93, Section 105(a) (Section 105(a)), which restricts the ability of retailers to collect personal identification information (PII) from consumers in connection with a credit card transaction.

A federal judge in the Northern District of California recently added to the growing list of cases rejecting attempts to recover damages resulting from data breaches.  In In re LinkedIn User Privacy Litigation, Case no. 5:12-CV-03088 EJD (March 6, 2013), the court dismissed a lawsuit brought by LinkedIn users who were upset over the June 2012 posting of 6.5 million stolen LinkedIn user passwords.

The California Supreme Court recently issued a landmark ruling in Apple Inc. v. Superior Court (formerly Krescent v. Apple Inc. in trial court proceedings), a case with wide-reaching implications for consumer privacy in e-commerce. The issue before the Court was whether California’s Song-Beverly Credit Card Act (the Act), which generally prohibits retailers from collecting or requesting personal identification information (PII) as a condition of accepting credit card payments, should apply to online retailers.