Last week, the U.S. District Court for the Eastern District of Virginia ordered Capital One to produce a forensic investigation report in multidistrict litigation arising out of the cyber incident Capital One announced in July 2019. The court found that the report was not protected by the work product doctrine because Capital One had not shown that “but for” the litigation the report would not have been prepared in substantially the same form. The opinion offers some lessons for companies entering into arrangements with forensic experts in advance of cyber events.
Please join us on Thursday, February 27 for a webinar discussion with Hogan Lovells attorneys Michelle Kisloff, Michael Maddigan, Adam Cooke, and Vassi Iliadis about the CCPA’s litigation impact and strategies for defending your interests.
Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.
Please join the Hogan Lovells Privacy and Cybersecurity and Litigation teams on July 16th for our webinar, Cyberthreats in the Internet of Things. We will explore some techniques that can be used to exploit potential vulnerabilities in connected devices and how those types of events impact organizations from a regulatory and litigation perspective.
A U.S. court has recently ruled that an EU citizen’s privacy rights and the GDPR do not trump a U.S. litigant’s right to obtain discovery, including video-taped depositions. In d’Amico Dry d.a.c. v. Nikka Finance, Inc., CA 18-0284-KD-MU, Dkt. No. 140 (Adm. S.D. Ala. Oct. 19, 2018), a federal magistrate denied an EU citizen’s motion […]
Hogan Lovells hosted the most recent installment in its Internet of Things Webinar (IoT) Series. Christine Gateau in Paris and Michelle Kisloff in Washington DC, discussed current regulatory actions and cutting-edge IoT litigation debates in the U.S. and Europe, as well as litigation risks to keep in mind when designing IoT products. In this post, we provide a link to the recorded webinar and slide deck.
This post discusses litigation exposure that businesses collecting personal information about California consumers should consider in the wake of the California Legislature’s passage of the California Consumer Privacy Act of 2018 (CCPA). The CCPA creates a limited private right of action for suits arising out of data breaches. At the same time, it also precludes individuals from using it as a basis for a private right of action under any other statute. Both features of the law have potentially far-reaching implications and will garner the attention of an already relentless plaintiffs’ bar when it goes into effect January 1, 2020.
In May, a Florida state court dismissed a plaintiff’s claim that the terms of service for popular mobile game Pokémon GO violated Florida’s Deceptive and Unfair Trade Practices Act. The case illustrates how establishing injury continues to be a key hurdle for plaintiffs in litigation involving online services, and shows that a well-framed choice of law provision can help protect providers of online services.
In Bloomberg BNA’s Privacy and Security Law Report, Hogan Lovells attorneys Des Hogan, Michelle Kisloff, and Chris Wolf have published an article addressing the increased litigation and regulatory risks that companies must address in the evolving privacy and data security landscape. After summarizing recent developments involving class actions and regulatory activities, the article offers guidance on how companies can reduce their financial and reputational exposure.
A recent federal court opinion raises concerns that privacy cases alleging violations of a standard user license agreement may be susceptible to class certification. Last week, the U.S. District Court for the Northern District of Illinois certified a class in a consumer privacy lawsuit against comScore, Inc. Plaintiffs allege that comScore exceeded the scope of the […]
The Supreme Court has granted review in a case under the federal Driver’s Privacy Protection Act (DPPA) where plaintiffs’ lawyers used a state FOIA statute to obtain targets for solicitation to become plaintiffs in a case against car dealers for allegedly excessive fees. The case presents a conflict between the prohibition against obtaining drivers’ records for marketing and the statutory permission to use the records in connection with litigation.
E-mails to an attorney that clearly otherwise would have been privileged were found by the California Court of Appeal not to qualify as a “confidential communication between client and lawyer” because the employee used a company computer to send the e-mails
The Ninth Circuit Court of Appeals has rejected a third party beneficiary claim brought by a spam victim against a registrar of a domain site sending numerous unwanted e-mails.
The Ninth Circuit recently reversed and remanded a district court denial of class certification in a FACTA case, making it easier for class certification even where there was disproportionality between the potential liability and the actual harm suffered, where the potential damages were huge and where defendant engaged in good faith compliance.
A federal court in Hawaii is allowing a tort claim to proceed against a videogame maker for not warning a user that he could become addicted to the videogame and be a “joystick junkie”, notwithstanding the limitation of liability contained in the End User Licensing Agreement. This entry explores the implications of such a tort claim in the context of privacy notices and suggests a way to thwart such claims and at the same time better inform consumers.
A new decision from the French high labor court may provide some grounds for arguing that a party in France can review a French employee’s e-mails and electronically stored information to determine whether the data is relevant to a U.S. litigation.
Knowing what data a company holds is critical to privacy and data security risk management. It also is important as a matter of litigation preparedness. The judge who issued the series of seminal Zubulake opinions which essentially defined electronic document retention and discovery requirements nation-wide, calls for litigants not only to identify key data keepers but to identify key data very early in litigation. The new holdings, described in Hogan & Hartson’s Litigation Alert available in this blog entry, are likely to become as influential as the discovery-altering Zubulake decisions.
Vermont recently issued an ethics opinon on metadata which raises questions for lawyers receiving electronic productions.
Within four days of each other, courts in D.C. and New York issued opinions setting forth the standard necessary to compel the discovery of the identity of anonymous speakers in cases in which the plaintiffs alleged that the anonymous speech defamed them. While they considered identical issues, the courts came to different conclusions regarding the strength […]
On August 19, 2009, the French Official Journal published the French Data Protection Authority’s (‘CNIL’) long-awaited recommendations on the transfer of personal data for U.S. discovery purposes (‘Recommendations’, currently only available in French). The Recommendations were based at least in part on suggestions from a working group composed of representatives from all stakeholders, which was set up by the CNIL in 2008. The […]