The latest wrinkle in the ever-changing world of data privacy litigation is the recent surge in state wiretap claims. What began as a trickle over the summer of 2020 has grown into a clear wave as plaintiffs have filed dozens of lawsuits against prominent tech, eCommerce, entertainment, and retail companies under state wiretap laws.  These lawsuits seek statutory damages for the alleged interception of consumers’ electronic communications through the defendant’s use of various website analytic…

After a pandemic-related hiatus in 2020, a number of U.S. states have proposed new data privacy laws in 2021 – and several are very close to passage.  Virginia’s proposed data privacy law appears to be the closest and is likely to be signed into law by Governor Northam in the near future.  Washington and Florida’s legislatures also have privacy bills that are making their way through the legislative process, with a good likelihood of becoming…

The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates subject to HIPAA will need to consider three significant developments—one regulatory, one legislative, and one judicial—relating to the Privacy and Security Rules under HIPAA and the related Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).…

In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing.…

On February 10, 2021, Phil Yannella, Chair of Ballard’s Privacy & Data Security Group, will join Ankura for a webinar, “2020 Cyber Year in Review”, which will recap cybersecurity events for 2020. Panel members will also offer their predictions for what cybersecurity issues will dominate headlines in 2021. You can register for the event here.…

On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott International, Inc.  The holding, which dismissed the claims for lack of standing, will likely play a role in a number of CCPA cases that have motions to dismiss pending. The case stems from a cybersecurity breach announced by Marriott on March 31, 2020, in…

The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products.  The AO noted that it is currently working with the Department of Homeland Security on an audit of security vulnerabilities that may pose a confidentiality risk for non-public documents stored on CM/ECF.  In…