Category: Privacy & Information Security

1
Eighth Circuit Requires Further Review of Data Breach Settlement Involving Class Members Who Have No Loss
2
Court Rejects TCPA Claims Based on Theory of Third-Party Liability
3
TRUMP’S CAMPAIGN TO GO IT ALONE ON FIRST AMENDMENT CHALLENGE TO THE TCPA
4
As Campaign Draws to a Close, Trump’s First Amendment Challenge to the TCPA Continues On
5
FinCEN Looks to Financial Institutions to File SARs Regarding Cyber-Events
6
Cracking the Code: Cybersecurity for Tomorrow
7
Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases
8
Bank of England Launches FinTech Accelerator
9
Heard at the 2016 SIFMA Conference
10
Treasury Department Issues Cybersecurity Checklist for Financial Institutions: What Might Apply to Your Financial Services Company?

Eighth Circuit Requires Further Review of Data Breach Settlement Involving Class Members Who Have No Loss

By Andrew C. Glass, Matthew N. Lowe, and Brandon R. Dillman

In a decision that could affect the resolution of future data breach class actions, the Eighth Circuit recently set aside the settlement in the Target Corp. data breach litigation. See In re Target Corp. Customer Data Security Breach Litig., No. 15-3909, — F.3d —, 2017 WL 429261 (8th Cir. Feb. 1, 2017). The litigation arose from claims that in 2013, hackers compromised credit and debit card data of up to 110 million Target customers. The parties ultimately agreed to a settle on a class basis. According to the settlement agreement, Target agreed to establish a $10 million settlement fund, which would be allocated first to class members with documented losses and then to members with asserted, but undocumented, losses. Members who had “suffered no loss from the security breach [would] receive nothing from the settlement fund,” but would still be “bound under the settlement to release Target from liability for any claims” that may someday arise in the future. Id. at *1.

Read More

Court Rejects TCPA Claims Based on Theory of Third-Party Liability

By Andrew C. Glass, Gregory N. Blase, Roger L. Smerage, and Matthew T. Houston

The U.S. District Court for the Northern District of West Virginia recently granted summary judgment for the defendant alarm manufacturers in In re Monitronics International, Inc. Telephone Consumer Protection Act Litigation (“Monitronics”). In doing so, the Monitronics court rejected Telephone Consumer Protection Act (“TCPA”) claims based on alleged liability for acts of vendors, distributors, or other third parties. The court also expressly overruled its own earlier, contrary opinion rendered in Mey v. Monitronics International, Inc., which matter was consolidated into Monitronics as part of a multidistrict litigation (“MDL”). Thus, the court joined a growing number of jurisdictions that have questioned the ability of plaintiffs to prove vicarious liability in connection with TCPA claims.

To read the full alert, click here.

TRUMP’S CAMPAIGN TO GO IT ALONE ON FIRST AMENDMENT CHALLENGE TO THE TCPA

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, and Michael R. Creta

On Monday, the U.S. Department of Justice (“DOJ”) declined to intervene in Thorne v. Donald J. Trump for President, Inc., 1:16-cv-04603 (N.D. Ill.). As previously discussed here, a class of plaintiffs sued President-Elect Trump’s campaign alleging violations of the Telephone Consumer Protection Act (“TCPA”) in connection with text messages sent during the campaign. In seeking dismissal of the suit, the campaign argued that the TCPA does not pass muster under the First Amendment. Specifically, the campaign asserted that Congress’s November 2015 exemption of calls relating to government debt constitutes “preferential treatment” and qualifies as a “blatant and egregious form of content discrimination.”

The DOJ did not provide a reason for declining to intervene, and the campaign is now faced with the prospect of going it alone in its First Amendment challenge to the TCPA.

As Campaign Draws to a Close, Trump’s First Amendment Challenge to the TCPA Continues On

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, and Michael R. Creta

Donald Trump’s presidential campaign recently moved to dismiss a Telephone Consumer Protection Act (“TCPA”) claim on First Amendment grounds. Thorne v. Donald J. Trump for President, Inc., 1:16-cv-04603 (N.D. Ill.). The class-action complaint alleged that the campaign violated the TCPA by sending text messages without permission. In response, the campaign argued that the TCPA’s prohibition on the use of automatic telephone dialing systems (“ATDS”) for calls or text messages placed to cellular telephones, 47 U.S. Code § 227(b)(1)(A)(iii) (the “cell phone ban”), improperly regulates speech on the basis of content. Specifically, the campaign asserted that the ban cannot withstand strict scrutiny because it does not “further[] a compelling interest” and is not “narrowly tailored to achieve that interest.” Arizona Free Enterprise Club’s Freedom Club PAC v. Bennett, 564 U.S. 721, 734 (2011).

Read More

FinCEN Looks to Financial Institutions to File SARs Regarding Cyber-Events

By Mark A. Rush, Stanley V. Ragalevsky, Rebecca H. Laird, and Samuel P. Reger

On October 25, 2016, the Financial Crimes Enforcement Network (“FinCEN”) issued an advisory (the “Advisory”) explaining the obligations a “financial institution” might have under the Bank Secrecy Act (“BSA”) regarding “cyber-events and cyber-enabled crime.” The Advisory states that even if an actual financial transaction did not take place as result of a cyber-event, a financial institution may still be required to file a Suspicious Activity Report (“SAR”) in certain circumstances. Because of this, a covered financial institution should reconsider its obligations under the BSA after a cyber-event.

To read the full alert, click here.

Cracking the Code: Cybersecurity for Tomorrow

Please join K&L Gates and Carnegie Mellon University for a complimentary one-day program focusing on the prevention of, response to and investigation of cyber threats.

Date/time: Thursday, November 10, 8:00 am – 5:15 pm

Location: This event will be presented live at K&L Gates Pittsburgh and video broadcast to K&L Gates offices in Boston, Charleston, Charlotte, Harrisburg, Newark, New York, Raleigh, Research Triangle Park, and Washington, D.C.

Click here for more information and registration details.

Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases

By Andrew C. Glass, David D. Christensen and Matthew N. Lowe

With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common. A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is no evidence of actual fraud or identity theft resulting from the purported data breach. The plaintiffs’ bar has pursued a litany of legal theories in the attempt to clear the standing hurdle, including the recent theory of “overpayment” (a/k/a “benefit of the bargain” theory). Under this theory, the plaintiff alleges that the price for the purchased product or service—whether sneakers, restaurant meals, or health insurance—included some indeterminate amount allocated to data security. Depending on how the theory is framed, the purported “injury” is either that the plaintiff “overpaid” for the product or service, or that the plaintiff did not receive the “benefit of the bargain,” because the defendant did not appropriately use the indeterminate amount to provide adequate data security. Despite plaintiffs’ attempts to establish standing through this novel theory, courts have limited its applicability in a variety of ways discussed in this alert.

To read the full alert, click here.

Bank of England Launches FinTech Accelerator

By Jonathan Lawrence

On 17 June 2016 the Governor of the Bank of England announced that the Bank is launching a FinTech Accelerator to work in partnership with FinTech firms to harness innovations for its own requirements as a central bank. In return, it will offer firms the chance to demonstrate their solutions for issues facing policymakers. The Accelerator will deploy innovative technologies on issues that matter to the Bank’s mission and operations. The Accelerator will appoint FinTech firms to run short Proof of Concept (POC) projects in a number of priority areas.

Read More

Heard at the 2016 SIFMA Conference

By Stephen G. Topetzes, Jon Eisenberg, Stavroula E. Lambrakopoulos, Shanda N. Hastings, Erin Ardale Koeppel, Nicole A. Baker, Andrew Edwin Porter and Ted Kornobis

Recently, attorneys from K&L Gates’ Government Enforcement practice group attended the Securities Industry and Financial Markets Association’s (“SIFMA”) Compliance and Legal Society Annual Seminar. We wanted to share with you a summary of the highlights of what we “heard at the SIFMA conference” from various regulators about key enforcement issues.

To read the full alert, click here.

Treasury Department Issues Cybersecurity Checklist for Financial Institutions: What Might Apply to Your Financial Services Company?

By: Mark A. RushThomas C. RyanJoseph A. ValentiSamuel P. Reger

On November 17, 2015, Deputy Treasury Secretary Sarah Bloom Raskin devoted her remarks at the Clearing House Annual Conference to financial sector cybersecurity. She concluded with a list of recommendations for handling cybersecurity at financial institutions. In light of them, prudent in-house counsel, compliance officers, and security personnel may want to review their company’s cybersecurity plan to determine which of the deputy secretary’s recommendations are applicable. This Alert recounts Deputy Secretary Raskin’s “to-do list” and provides step-by-step suggestions regarding cybersecurity response plans in light of it.

To read the full alert, click here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.