National Cybersecurity Awareness Month (NCSAM) is coming to a close, but diligent cybersecurity efforts must continue. In honor of another successful NCSAM, below we have gathered some of our most popular cybersecurity content you can use as a quick reference for all of your cyber-related interests.

Welcome back to our three-part series providing an overview of CIPA, recent CIPA class actions, and class action defenses. In Part I we provided an overview of CIPA and its recent resurgence in the age of smart speakers.  In Part II we highlighted recent class actions alleging CIPA violations involving the use of smart speakers. Here, we address potential defenses in response to a motion to certify a CIPA class.

Defenses to a CIPA Class Action

These recent lawsuits are good reminders of the real privacy concerns with new developing technologies.  Below is an overview of practice pointers and lessons learned from CIPA lawsuits if you are named in CIPA litigation.
Continue Reading

Welcome back to our three-part series examining CIPA class actions and defenses. In Part I of this series, we provided an overview of CIPA and its recent resurgence in the age of smart speakers. Here, we review recent CIPA class actions and common violations.

CIPA Finds New Life in the Wake of the “Smart” Devices 

According to a recent report, over a quarter of the adult population in the United States owns a smart speaker.[1] As smart speakers gain popularity, privacy litigation risks continue to grow. Recently-filed complaints utilize CIPA to attack the practice of recording and storing communications between a customer and a smart device such as smart phones or smart speakers.[2]  In 2019 alone, we have seen a rise in the number of cases against major technology companies alleging CIPA violations related to smart devices.  Below is an overview of those recent cases.
Continue Reading

Welcome to a three-part series that provides an overview of the California Invasion of Privacy Act (CIPA), examines recent CIPA litigation involving smart speakers, and proposes defenses in response to an alleged violation.

CIPA in the Age of Smart Devices

The California Invasion of Privacy Act (CIPA)[1]—traditionally used by law enforcement and the plaintiffs’ bar to address illegal recording/eavesdropping on phone calls—has seen renewed interest in the age of smart speakers. Smart speakers, such as Amazon’s Alexa, Google Home and Apple’s Siri, are voice-enabled devices where the user utters a “wake word” to activate a “virtual assistant”.  A number of putative class actions have recently been filed over these “virtual assistants” and whether they illegally record individuals without their consent.  This recent spate of lawsuits highlights CIPA-compliance risks associated with these new technologies. This article provides an overview of CIPA’s history and features, addresses recently filed CIPA smart-device cases, and recommends defenses for responding to a smart device CIPA action.
Continue Reading

On April 12, an Oregon federal jury in Wakefield v. Visalus, Case No. 3:15-cv-01857-SI, handed down what may turn out to be the largest Telephone Consumer Protection Act (TCPA) class action verdict ever awarded.

Health supplement marketer ViSalus, a lifestyle products company, was charged with making more than 1.8 million autodialed calls in violation of the TCPA. The court certified a class of 800,000 members. Although the jury did not assess a monetary award, the court will award statutory penalties pursuant to the TCPA, which prescribes up to $500 per violation and $1500 per willful violation. The total penalty could reach almost $1 billion, and if the court finds willfulness, this award could conceivably be tripled.
Continue Reading

The Supreme Court’s decision in Spokeo, Inc. v. Robins continues to have an impact on class actions involving data privacy statutes. Most recently, a federal district court dismissed yet another class action involving claims under the Fair and Accurate Credit Transactions Act (FACTA) in Kirchein v. Pet Supermarket, Inc. for lack of subject matter jurisdiction

Consistent with a growing trend among courts nationwide, the D.C. Circuit Court unanimously held that a group of plaintiffs had cleared a “low bar” to establish constitutional standing for their claims in a data breach case against health insurer CareFirst by alleging potential future harm as a result of the breach. The plaintiffs alleged that

The impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as victims, including a prominent law firm.

This attack acts as an unfortunate reminder that