On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that an increased risk of identity theft was a concrete injury sufficient to confer Article III standing,
Crime (Policy) Does Pay – Sixth Circuit Holds That Endorsement of Crime Policy Covers Losses From Hacker’s Data Breach*
The Sixth Circuit Court of Appeals recently held that a computer fraud rider to a “Blanket Crime Policy” covers losses from a hacker’s theft of customer credit card and checking account data.
Twitter’s Settlement With the FTC Demonstrates that “Reasonable Security” Isn’t Only About Online Commerce
The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter’s promises on its website to protect the personal information of its users, Twitter’s practices failed to provide reasonable and appropriate security. Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users.