Learning Center
Plans & pricing Sign in
Sign Out

Emerging Class Action ThreatConsumer g g Personal ... - Strafford


									  Presenting a live 90‐minute webinar with interactive Q&A

     g g
Emerging Class Action Threat: Consumer 
Personal Identification Data Violations
Strategies to Minimize Litigation Risks and Maximize Insurance Coverage

THURSDAY, MAY 26, 2011

1pm Eastern   |   12pm Central | 11am Mountain     |   10am Pacific

                                                                           Today’s f l f
                                                                           T d ’ faculty features:

                                 Donna L. Wilson, Partner, Buckley Sandler, Santa Monica, Calif.
                                      Patrick N. Keegan, Member, Keegan Baker, Carlsbad, Calif.
                                          Linda D. Kornfeld, Partner, Jenner & Block, Los Angeles

The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
Conference Materials

If you have not printed the conference materials for this program, please
complete the following steps:
•   Click on the + sign next to “Conference Materials” in the middle of the left-
    hand column on your screen.
•   Click on the tab labeled “Handouts” that appears, and there you will see a
    PDF of the slides for today's program.
•   Double click on the PDF and a separate page will open.
•   Print the slides by clicking on the printer icon.
Continuing Education Credits                                   FOR LIVE EVENT ONLY

For CLE purposes, please let us know how many people are listening at your
location by completing each of the following steps:
•   Close the notification box
•   In the chat box, type (1) your company name and (2) the number of
    attendees at your location
•   Click the blue icon beside the box to send
Tips for Optimal Quality

Sound Quality
S    d Q lit
If you are listening via your computer speakers, please note that the quality of
your sound will vary depending on the speed and quality of your internet

If the sound quality is not satisfactory and you are listening via your computer
speakers, you may listen via the phone: dial 1-866-869-6667 and enter your PIN
       prompted. Otherwise,
when prompted Otherwise please send us a chat or e mail  e-mail immediately so we can address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again
                              Emerging Class
                              Action Threat:
                              Consumer Personal
                              Identification Data
                              Violations: Strategies
                              to Minimize Litigation
Legal Counsel to the          Risks and Maximize
Financial Services Industry
                              Insurance Coverage

                                Donna L Wilson
                                D     L. Wil

                                  May 26, 2010
                   THE PRESENTERS

               L.
        Donna L Wilson of BuckleySandler LLP
        with the defense perspective
        dwilson@buckleysandler com
        (424) 203-1010

       Patrick N. Keegan of Keegan & Baker, LLP
          ith the l i tiff       ti
        with th plaintiff perspective
        (858) 558 9400
                        ABOUT DONNA L. WILSON
    Donna L. Wilson is a partner in the Los Angeles office of BuckleySandler LLP, where she
    leads the Firm’s West Coast litigation practice. Ms. Wilson represents all forms of
    traditional and non-traditional financial services providers, including banks, mortgage
    companies, national retailers, franchisors, telecommunications and media companies, in
    a variety of privacy and information security, fair credit and state unfair and deceptive
    trade practice matters. In addition, Ms. Wilson assists corporate and individual
    policyholders in obtaining coverage in disputes ranging from individual directors/officers
    for f                       f             f
    f defense costs, claims for coverage for alleged privacy and data breaches, as well as
    defense and liability costs for mass torts such as lead pigment and asbestos. Regardless
    of the context, Ms. Wilson’s unique experience litigating on behalf of plaintiffs -- including
    class action and corporate plaintiffs – leads to a non-linear litigation approach that offers
    efficiency and creativity.

    Ms. Wilson writes and lectures extensively on class action litigation, privacy and data
    breach issues, and insurance coverage.

    Prior to joining BuckleySandler, Ms. Wilson was th co-chair of the Consumer Financial
    P i t j i i B kl S dl M Wil                     the     h i f th C             Fi   i l
    Services group at Kelley Drye & Warren LLP, and a litigator in its Privacy and Data
    Security Group. She also was a founding partner of that firm’s Insurance Recovery

                        ABOUT PATRICK N. KEEGAN

    Patrick Keegan, the co-founder and managing partner of Keegan & Baker, LLP, has worked on numerous class
    actions in which he acted as lead or co-lead counsel on behalf of a plaintiff class resulting in significant
                                                                        p                       g      g
    recoveries. He has specialized in complex commercial litigation, including securities, antitrust and consumer
    fraud litigation, and has successfully handled numerous complex commercial litigation matters.

    For example, Mr. Keegan was retained as post-trial defense counsel several days after a jury verdict was
    rendered against our client in the amount of approximately $24 million dollars (an $18 million dollar jury award
                                                                dollars,                                      avoid).
    and an attorneys fees motion for approximately $6 million dollars which we were successfully able to avoid)
    The award in that matter, entitled FF Orthotics Corp, Inc., et al. v. Good Feet, et al., Case No. GIC 791494,
    California Superior Court, San Diego County, (Judge Fredric Link) was grounded in antitrust violations,
    franchise law violations and unfair business practices violations. By virtue of the post trial work and the
    subsequent settlement negotiations (which included 11 plaintiffs), we were able to reduce the judgment to
    $4.25 million, paid over time, which allowed the individual defendants/shareholders to retain ownership of the
    defendant corporations and ultimately remove the defendant corporations from receivership. The defendant
                   p                        y                           p                          p
    entities are currently again selling franchises nationwide and are in the process of expanding globally.

    Mr. Keegan has also acted as co-class counsel and co-trial counsel, in a class action entitled Jason A. Park v.
    Cytodyne Technologies, Inc., Case No. GIC 768364, California Superior Court, San Diego County, (Judge
    Ronald L. Styn), asserting false advertising claims under the Unfair Competition Laws (Ca Business and
    Professions Code Sections 17200 and 17500) and the Consumer Legal Remedies Act (Ca Code Civil Section
    1750), brought a successful motion for class certification and obtained a judgment of $12,536,820.00 in
    restitution and additional prohibitive injunctive relief on behalf of the certified class after a 7 week trial in 2003.

    Mr. Keegan has also represented numerous parties in arbitrations before the National Association of Securities
    Dealers and American Arbitration Association.

                  THE SONG-BEVERLY CREDIT
                         CARD ACT

       Cal Civ Code § 1747 08:
        Cal. Civ.      1747.08:
        –   What is the purpose?
        –   What does it forbid?
        –   What is “personal identification information”?
        –                         $1,000
            Civil penalties up to $1 000 per violation: No
            aggregate cap
        –         p
                Bona fide error
                Others


        Enacted in 1971
        Prior to 1991: only prohibited requiring
         cardholder to provide personal identification
         information as a condition to accepting a
         credit card
         –   Did not forbid requesting personal information from a
             credit card user, and the user voluntarily providing the

                         (cont )

        1991 amendment: added language
         prohibiting requesting consumer personal
                                             p g
         information “as a condition to” accepting the
         credit card as payment for goods or services
         –                      g               p            y
             Amendment designed to “clean up” and “clarify” the
             statute, not exponentially expand its reach
         –   Purpose was to clarify that persons “may neither
             require nor request, as a condition to accepting the
             credit card, the taking or recording of personal
             identification information from the cardholder”

                            (cont )
                                       g       y pp y
         Threshold issue: Does Song-Beverly apply to mere
         requests for information, even where the consumer
         is told that the information is not required?
         –        misplaced
             The “misplaced” comma:
                 Plaintiffs contend that the 1991 amendment expanded scope
                  of liability by prohibiting the requiring of information “as a
                  condition to accepting the credit card” AND any and all
                  requests for personal identification information from
                    – Florez v. Linens n’ Things, 108 Cal. App. 4th 447 (2003)
                    – But see the Florez court’s note that nothing prevents a retailer
                      from soliciting a customer’s address and telephone number for
                      a store’s mailing list, if that information is provided voluntarily

                   (cont )
        Plaintiff’s view is contrary to:
           – Legislative history
           – First Amendment rights to free speech and free association
           – Statutory interpretation
        Absher v. AutoZone, Inc., 164 Cal. App. 4th 332 (2008)
        TJX Companies, Inc. v. Sup. Ct., 163 Cal. App. 4th 8 (2008)
        Notably,
         Notably other state statutes prohibit requests for personal
         information only as a condition to credit card transactions.
         For example:
           – DC Code § 47 3153
           – 11 Del. Code § 914
           – Minn. Stat. Ann. § 325F.982

                   CERTAIN KEY DECISIONS
                   UNDER SONG-BEVERLY
             g      jury      (Shabaz v. Polo Ralph Lauren Corp.,
         No right to j y trial (                  p            p,
         586 F. Supp. 2d 1205 (C.D. Cal. 2008))
        No private right of action for injunctive relief (Korn
         v. Polo Ralph Lauren Corp., 644 F. Supp. 2d 1212
         (E.D. Cal. 2008))
                                               the
         Range of penalty could span between “the proverbial
         peppercorn” to the maximum amounts authorized by the
         statute (TJX Companies)
        One year statute of limitations (TJX Companies)
        Does not apply to return or Internet transactions

                            IS A ZIP CODE PII?

        Party City Corp. v. Sup. Ct., 169 Cal. App. 4th 497
         –   ZIP code is “group identifier about location,” not
             “personalized or i di id l id tifi ti i f
             “                                                  ti ithi
                      li d individual identification information within
             the statutory terms”
                                                          pp
         Pineda v. Williams-Sonoma Stores, Inc., 178 Cal. App.
                                             , ,
         4th 714 (2009): Followed Party City
         –   ZIP code is not personal identification information within
             th meaning of § 1747 08(b) even where it i requested
             the       i   f    1747.08(b)          h      is       t d
             for the purpose of reverse data mining to obtain
             customer’s address

                     IS A ZIP CODE PII? (cont.)

                  Williams Sonoma
         Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th
         524 (2011):
         –   A Zip code constitutes PII and, thus, “requesting and
                  di        dh ld ’           d    ith t          i l t ”
             recording a cardholder’s ZIP code, without more, violates”
             § 1747.08
         –   § 1747.08 is remedial, and should be liberally construed
         –   A ZIP code is similar to specified types of PII in §
             1747.08(b) (telephone and address)
         –   Is unnecessary to sales transaction
         –   Construction of §1747.08 is retroactive

                          THE EXPLOSION OF CLASS
                           ACTIONS AFTER PINEDA
     Well over 100 cases filed in California courts since Pineda
           alleging § 1747 08 violations based on ZIP code
                  requests, including actions against:
 -Alin Party Supply Co.   -Crate & Barrel          -Lamps Plus                -Pier 1 Imports         -Tesoro
 -Anna s Linens            Destination
                          -Destination Maternity    Lenscrafters
                                                   -Lenscrafters               Pottery
                                                                              -Pottery Barn            Thrifty
                                                                                                      -Thrifty Oil
 -Anthropologie           -The Dressbarn           -Lids/Hat Zone             -Radio Shack            -Tiffany and Company
 -Avenue                  -Estee Lauder            -Lowe’s                    -REI                    -T.J. Maxx
 -Bath and Body Works     -Eurostar                -Macy’s                    -Redbox                 -Toys “R” Us/Babies “R” Us
 -Bed Bath & Beyond
               y          -ExxonMobil              -Maidenform                -Restoration Hardware   -Trader Joe’s
 -Bedrock Oil             -Fry’s Electronics       -Marshalls                 -Ross Stores            -Urban Outfitters
 -Best Buy                -GNC                     -Michaels Stores           -Sephora                -Victoria’s Secret
 -Big 5 Sporting Goods    -Genesco                 -Nike                      -Shell                  -Vons
 -Big Lots Stores         -Home Depot              -Nordstrom                 -Sport Chalet           -Wal-Mart
 -Body Shop               -Homegoods               -Oakley                    -Sunglass Hut           -Whole Foods Market
 -Brookstone              -IKEA                    -Office Depot              -Sur La Table           -Williams-Sonoma
 -Chevron                 -J.C. Penney Co.         -Officemax                 -Target                 -West Elm
 -Coach                   -Journey                 -Old Navy                  -The Children’s Place   -Wolverine Worldwide
  C l H h
 -Cole Hahn                K   t
                          -Kmart                   -Party A
                                                    P t American/Party City
                                                            i   /P t Cit       Th C t i      St
                                                                              -The Container Store
 -ConocoPhillips          -Kohl’s                  -Paypal                    -The Gap
 -Cost Plus               -Lacoste                 -Pearle Vision             -The Pepboys
                                     AFTER PINEDA

        New actions extend beyond traditional
         person-to-person transactions:
         –    Pay        Pump
             “Pay at the Pump” Machines
                 Flores v. Chevron Corp. et al.
                 Dulce v. Bedrock Oil, Inc. et al.
         –   Self-Service
             Self Service Kiosks
                 Schiff v. Redbox Automated Retail LLC

                          AFTER PINEDA (cont.)

        What about use of Zip codes for anti-fraud
         –   Potential legislative limitation on Pineda:
                 AB 1219 is intended to amend § 1747 08 to “recognize . . .
                                                      1747.08       recognize
                  legitimate business practices designed to address the
                  increased potential for identity theft that results if the
                  cardholder is not present or if the credit card does not
                  function correctly”
                 Would expand the exclusions enumerated in § 1747.08(c) to
                  include when information is used “solely for prevention of
                  fraud, theft, or identity theft”

                                WHAT’S NEXT?

        Does Section 1747.08 apply to e-mail addresses?
         –   See Meherens v. Redbox Automated Retail, LLC., No.
             BC455418 (Sup. Ct. Los Angeles) (alleging defendant
             “requested and/or required Plaintiff to provide his ZIP code and
             e-mail address . . . .”)
        How about to on-line transactions?
         –   Boorstein v. Paypal, Inc. and Boorstein v., Inc.
             (using Pineda to argue § 1747.08 applies to online transactions
             if the retailer requests information “unnecessary to the sales
             transaction” that, alone or together with other data (e.g.,
             cardholder’s name or credit card number) can be used for the
             retailer’s business purposes)
         –   But       Saulic Symantec C
             B t see S li v. S                         F. S              (C D
                                         t Corp., 596 F Supp. 2d 1323 (C.D.
             Cal. 2009) (holding that because, like a refund transaction, an
             “online transaction raises fraud concerns,” online transactions
             are not encompassed within §1747.08)

                       WHAT’S NEXT? (cont.)

        Has Pineda created a colorable claim that reverse data
         mining and similar practices alone constitute an invasion of
         privacy outside of the Song-Beverly context?
        Does a phone look up during a transaction constitute a
         violation of § 1747.08?
        How should a retailer proceed with respect to a loyalty or
         disco nt program?
        What is a transaction and when does it begin and end?
                                                          j
         What can a retailer do to achieve its business objectives and
         minimize its compliance and litigation risks?

Consumer P
C                l Data Vi l ti
         Personal ID D t Violations:
  Class Action Threats—Insurance
                May 26, 2011

                Linda Kornfeld
                Jenner & Block
                (213) 239-5176

                         p                     potentially
     • Critical first step: collect and review p         y
       applicable policies

        – General Liability

        – Errors & Omissions Coverage

        – Directors & Officers Liability

     CGL Policies: Is There a Potential For
                  C         ?

• Most courts that have dealt with coverage for use,
  collection or distribution of “personal information”
  have done so in FACTA context under CGL
• Is the “personal injury” or “advertising injury”
          g potentially triggered?
  coverage p          y gg

                 What is Covered?

• “Oral or written publication, in any manner, of
  material that violates a person’s right of privacy.”
• Does the claim involve some form of “publication”?
• Does the claim involve a “privacy” violation?

                       Publication ?

• What is required to constitute “publication”?
     – Some form of public dissemination?
     – Term not defined in many policies.
     – “in any manner” language allows for broad
       interpretation—courts have concluded that credit card
       receipts provided only to customers constituted

                         Right Privacy ?
         Violation of a “Right of Privacy”?

• “Privacy” often is not defined in CGL policies
• “Where an insurance policy does not define privacy”
   Where                                        privacy
  policy can be broadly interpreted “to include aspects
                       by privacy statutes.
  of privacy protected by…privacy statutes ”
     – Song Beverly intended to protect “privacy” interests
     – In FACTA context “privacy” requirement satisfied even
       though customer voluntarily p
           g                     y provided information.
      Song Beverly Claims Should “Trigger”

• Prima facie, coverage should be triggered
     – “Publication” by making customer ZIP code information
       available both internally and potentially to other
     – Such “publications” allegedly violate customer “privacy
       interests ”
     – Many complaints include an express cause of action for
       invasion of privacy
             “Statutory” Exclusions

• Typically exclude “Personal Injury… arising directly
  or indirectly out of any action or omission that
  violates or is alleged to violate: …any statue,
  ordinance or regulation…that prohibits or limits the
  sending transmitting communicating or distribution
  sending, transmitting, comm nicating distrib tion
  of material or information.”
• Insurers assert as a broad-based excuse to avoid
                        Exclusion, Con t
              Statutory Exclusion Con’t

• Carefully read the underlying complaint
     – What if it solely alleges that you “requested and
       recorded” customer’s zip code information?
     – Does that constitute “sending, transmitting
       communicating or distributing”?
     – What if in addition to alleged statutory violations the
       complaint also contains a common law privacy claims?

      “Knowing” Infliction of Personal or
         Advertising I j    E l i
         Ad ti i Injury Exclusion

• Excludes “personal and advertising injury” “arising
  out of an offense committed by . . . the insured with
  the expectation of inflicting personal and advertising
• Requires a fact-based analysis.
• What level of “expectation” or “intent” is sufficient?
• Argue against impact on payment of defense fees
     Amounts Spent for “Excluded” Claims

• What happens to the duty to defend when the
  complaint includes both covered and excluded
  claims? What if multiple lawsuits are filed and
  some include covered claims and others do not?
• If some claims or complaints are covered and
         y p                   g y
  money spent to address allegedly “excluded” claims
  “benefits” covered claims, you may have coverage
  for all defense fees expended in all actions.
            Errors & Omissions Coverage

• Policyholders should also review E&O policies

     – Cover “claims” for allegations of “professional”

     – Must act within “professional” capacity as defined by
       p y
     – Some cover “damages arising from violation of ‘privacy
                              claim ?
          What constitutes a “claim”?

• Need a demand for “something,” often money.
• Lawsuit clearly meets the standard

        Duty to “advance” defense fees

• “Potentiality” standard
• “Prior to final adjudication”—the “timing” question
   Prior          adjudication the timing

                “Penalty” Exclusions
           p                            p
• Some E&O policies exclude “fines” or “penalties.”
• Review underlying complaint: does it also seek “damages”?
  Attorney’s fees? Pre or post judgment interest?
  Attorney s
• What is the true nature of the claimed “fine” or “penalty”?
• Argue that, in privacy context, statutory damages are not a
  “penalty,” but rather a recognition that damage caused by
  privacy violation is difficult to calculate. Therefore,
  legislature uses statutory damages to act as a proxy.

         Directors & Officers Coverage

• Covers certain claims for “wrongful acts, errors or
  omissions” by company and its executives
• If executives are claimed to have known that there
  was an issue before Pineda court ruled and did not
  modify behavior, coverage may apply
• If executives are not sued, policy must have “entity
  coverage” that applies beyond “securities” claims
     • In light of Pineda and other
       lawsuits is there potential
       exposure requiring notice?
     • Do prior policies have less
       restrictive exclusions?


• Carefully read complaints
• Carefully read all policies
           p y                                      p
• Perform policy audits at time of renewal and attempt
  to negotiate to increase protection


To top