In May 2011, Michaels Stores reported that “skimmers” using modified PIN pad devices in eighty Michaels stores across twenty states had gained unauthorized access to customers’ debit and credit card information. Lawsuits soon splattered on the specialty arts and crafts retailer, alleging a gallery of claims under the Stored Communications Act (“SCA”), the Illinois Consumer Fraud and Deceptive Business Practices Act (“ICFA”), and for negligence, negligence per se, and breach of implied contract.
Late last month, U.S. District Court Judge Charles Kocoras dismissed some claims, but others survived. The opinion presents a broad-brush survey of potential data security breach claims, with some fine detail and local color particular to this variety of criminal data security breach.

In a decision that will significantly impact the ability of the government to access electronic communications, the United States Court of Appeals for the Sixth Circuit on June 18, 2007, affirmed a district court’s issuance of a preliminary injunction prohibiting governmental entities from obtaining Internet Service Providers’ (“ISP”) subscribers’ e-mail communications unless the subscriber first receives prior notice and an opportunity to be heard.  Warshak v. United States, No. 06-4092 (6th Cir. 2007). The Court found unconstitutional the Stored Communications Act (“SCA”) provisions allowing Government seizure of such communications without prior subscriber notice, because the court order could be issued without a showing of probable cause that the subscriber had committed a crime. The Sixth Circuit found that individuals have an expectation of privacy regarding the contents of emails sent or stored through an Internet Service Provider (ISP).