In connection with a class action lawsuit filed against Michaels
Stores Inc., the United States District Court for the District of
Massachusetts certified to the Supreme Judicial Court of
Massachusetts three questions: (1) whether a ZIP code constitutes
personal identification information; (2) whether, under the
Massachusetts statute prohibiting collection of personal
identification information during a credit card
transaction, a plaintiff may pursue a claim without any
evidence of identity theft; and (3) whether, under the statute a
"credit card transaction form" includes an electronic
transaction form. Earlier this week, the Supreme
Court answered "yes" to all three of these
questions. A copy of the Court's opinion is attached
here. The Supreme Court's decision
will likely open the door to more lawsuits against retailers in
Massachusetts. Plaintiffs may now file actions against
retailers who collect ZIP code information during a credit
card transaction and, consistent with the Supreme Court's
broad interpretation of personal identification information,
plaintiffs may try to expand the definition of personal
identification information even further to include other types
of information. In addition, the Supreme Court's decision
has lowered the bar for plaintiffs who struggle to prove that they
have been injured in these cases. Under the Supreme
Court's ruling, a plaintiff no longer needs to demonstrate that
he or she has suffered identity theft in order to maintain a cause
of action. Significantly, the Court stated that receipt of
unwanted marketing materials or the sale of a consumer's
personal identification information to a third-party can constitute
an injury sufficient to maintain an action. As a result of
the Supreme Court's decision, retailers in Massachusetts should
review and evaluate their data collection practices.
The questions that BYOD policies seek to answer are these: (1) Who owns your device? (2) Who owns the information on your device? (3) What happens if that information (or the device itself) gets lost or stolen?
Orrick Cybersecurity & Data Privacy lawyers Emily Tabatabai and Shea Leitch co-authored an article for the International Association of Privacy Professionals' Privacy Tracker on the continued expansion...
He advises on handling internal data breach investigations; supervising forensic examinations and coordinating with law enforcement in investigations of criminal attacks; and regulatory investigations and enforcement actions by the FTC and HHS/OCR.
Privacy advocates in both the United States and Europe are urging regulators to take a hard look at the privacy ramifications of internet-connected toys, which are often conventional toys augmented by companion mobile applications.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).