On January 24, 2025, the Illinois Supreme Court ruled in Petta v. Christie Business Holding Co., P.C., 2025 IL 130337, that a patient who alleged an increased risk of harm arising from a data breach at a medical clinic did not suffer an injury in fact sufficient to confer standing.
Media & Privacy Risk Report
News, commentary and humor on media, privacy and the law
Blog Authors
Latest from Media & Privacy Risk Report
TCPA Turnstile: Four Scariest Developments (and a Potential Ray of Light Amid the Fright) (TCPA Update Vol. 19)
As we reach the peak of this year’s Spooky Season, we thought it would be helpful to revisit some of the scariest recent developments in the realm of TCPA litigation and compliance. The conventional wisdom is that some of the new rules and regulations coming into play around the TCPA are going to lead to…
E-Tailer Beware: The Seventh Circuit Clarifies the Framework for Enforceability of Digital E-Commerce Agreements
Does your company have website terms of use, or e-commerce terms?
If so, it’s important to know whether those terms are enforceable.
In Domer v. Menard, Inc., Domer wanted to recover a $1.40 pickup service fee for a can of paint she bought on the Menards’ website. In her suit, Domer alleged that Menards…
NetChoice Succeeds in Striking Down Utah Social Media Law Under First Amendment
A federal court last week sustained a First Amendment challenge to a Utah law aimed at addressing the use of social media platforms by minors, holding that the law’s proponents failed to demonstrate that the law served a compelling interest or was narrowly tailored.…
Texas Attorney General Challenges General Motors’s Collection and Sale of Driving Data
On August 13, 2024, the Texas Attorney General’s Office (Texas AGO) filed a claim under Texas’s Deceptive Trade Practices-Consumer Protection Act challenging General Motors’ collection and use of data collected from consumers regarding their driving history. The Texas AGO’s complaint implicates thorny issues regarding how companies prepare and roll out privacy disclosures to consumers. The…
BIPA Bellwether: Governor signs BIPA reform bill
In May, we told you about proposed revisions to the Illinois Biometric Information Privacy Act (“BIPA”) that should provide some welcome relief for defendants. Governor J.B. Pritzker has now signed that reform legislation into law.…
Texas and Meta Settle Biometric Data Litigation for $1.4 Billion
On July 30, 2024, the Texas Attorney General’s Office announced a $1.4 billion settlement of biometric privacy claims brought against Meta arising from Meta’s historical use of facial recognition technology on photographs posted to Facebook’s social media platform.…
BIPA Bellwether: General Assembly provides relief from “per scan” damages
In a welcome change for defendants, a recent amendment to the Biometric Information Privacy Act (“BIPA”) is expected to significantly curtail potential damages under the statute. SB 2979, which passed the General Assembly on May 16, 2024, clarifies that damages are per individual, rather than per violation, for violations of the collection provision under Section…
SEC Joins Chorus of Regulators Requiring Data Breach Notifications
Last week, the U.S. Securities and Exchange Commission (“SEC”) became the latest federal regulator to implement a data breach notification law. The commissioners unanimously voted to approve amendments to Regulation S-P (the “Final Rule”)—the regulation governing the use of consumers’ personal information and records—to require certain financial institutions to adopt and maintain data incident response…
Breach Response: Is 72 hours the new 30 days?
For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There were, of course, exceptions in certain regulated industries, but most companies fell within the scope…