Presenting a live 90‐minute webinar with interactive Q&A
Emerging Class Action Threat: Consumer
Personal Identification Data Violations
Strategies to Minimize Litigation Risks and Maximize Insurance Coverage
THURSDAY, MAY 26, 2011
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
Today’s f l f
T d ’ faculty features:
Donna L. Wilson, Partner, Buckley Sandler, Santa Monica, Calif.
Patrick N. Keegan, Member, Keegan Baker, Carlsbad, Calif.
Linda D. Kornfeld, Partner, Jenner & Block, Los Angeles
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the + sign next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
Continuing Education Credits FOR LIVE EVENT ONLY
For CLE purposes, please let us know how many people are listening at your
location by completing each of the following steps:
• Close the notification box
• In the chat box, type (1) your company name and (2) the number of
attendees at your location
• Click the blue icon beside the box to send
Tips for Optimal Quality
S d Q lit
If you are listening via your computer speakers, please note that the quality of
your sound will vary depending on the speed and quality of your internet
If the sound quality is not satisfactory and you are listening via your computer
speakers, you may listen via the phone: dial 1-866-869-6667 and enter your PIN
when prompted Otherwise please send us a chat or e mail e-mail
email@example.com immediately so we can address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again
to Minimize Litigation
Legal Counsel to the Risks and Maximize
Financial Services Industry
Donna L Wilson
D L. Wil
May 26, 2010
Donna L Wilson of BuckleySandler LLP
with the defense perspective
Patrick N. Keegan of Keegan & Baker, LLP
ith the l i tiff ti
with th plaintiff perspective
(858) 558 9400
ABOUT DONNA L. WILSON
Donna L. Wilson is a partner in the Los Angeles office of BuckleySandler LLP, where she
leads the Firm’s West Coast litigation practice. Ms. Wilson represents all forms of
traditional and non-traditional financial services providers, including banks, mortgage
companies, national retailers, franchisors, telecommunications and media companies, in
a variety of privacy and information security, fair credit and state unfair and deceptive
trade practice matters. In addition, Ms. Wilson assists corporate and individual
policyholders in obtaining coverage in disputes ranging from individual directors/officers
for f f f
f defense costs, claims for coverage for alleged privacy and data breaches, as well as
defense and liability costs for mass torts such as lead pigment and asbestos. Regardless
of the context, Ms. Wilson’s unique experience litigating on behalf of plaintiffs -- including
class action and corporate plaintiffs – leads to a non-linear litigation approach that offers
efficiency and creativity.
Ms. Wilson writes and lectures extensively on class action litigation, privacy and data
breach issues, and insurance coverage.
Prior to joining BuckleySandler, Ms. Wilson was th co-chair of the Consumer Financial
P i t j i i B kl S dl M Wil the h i f th C Fi i l
Services group at Kelley Drye & Warren LLP, and a litigator in its Privacy and Data
Security Group. She also was a founding partner of that firm’s Insurance Recovery
ABOUT PATRICK N. KEEGAN
Patrick Keegan, the co-founder and managing partner of Keegan & Baker, LLP, has worked on numerous class
actions in which he acted as lead or co-lead counsel on behalf of a plaintiff class resulting in significant
p g g
recoveries. He has specialized in complex commercial litigation, including securities, antitrust and consumer
fraud litigation, and has successfully handled numerous complex commercial litigation matters.
For example, Mr. Keegan was retained as post-trial defense counsel several days after a jury verdict was
rendered against our client in the amount of approximately $24 million dollars (an $18 million dollar jury award
and an attorneys fees motion for approximately $6 million dollars which we were successfully able to avoid)
The award in that matter, entitled FF Orthotics Corp, Inc., et al. v. Good Feet, et al., Case No. GIC 791494,
California Superior Court, San Diego County, (Judge Fredric Link) was grounded in antitrust violations,
franchise law violations and unfair business practices violations. By virtue of the post trial work and the
subsequent settlement negotiations (which included 11 plaintiffs), we were able to reduce the judgment to
$4.25 million, paid over time, which allowed the individual defendants/shareholders to retain ownership of the
defendant corporations and ultimately remove the defendant corporations from receivership. The defendant
p y p p
entities are currently again selling franchises nationwide and are in the process of expanding globally.
Mr. Keegan has also acted as co-class counsel and co-trial counsel, in a class action entitled Jason A. Park v.
Cytodyne Technologies, Inc., Case No. GIC 768364, California Superior Court, San Diego County, (Judge
Ronald L. Styn), asserting false advertising claims under the Unfair Competition Laws (Ca Business and
Professions Code Sections 17200 and 17500) and the Consumer Legal Remedies Act (Ca Code Civil Section
1750), brought a successful motion for class certification and obtained a judgment of $12,536,820.00 in
restitution and additional prohibitive injunctive relief on behalf of the certified class after a 7 week trial in 2003.
Mr. Keegan has also represented numerous parties in arbitrations before the National Association of Securities
Dealers and American Arbitration Association.
THE SONG-BEVERLY CREDIT
Cal Civ Code § 1747 08:
Cal. Civ. 1747.08:
– What is the purpose?
– What does it forbid?
– What is “personal identification information”?
Civil penalties up to $1 000 per violation: No
Bona fide error
EVOLUTION OF SONG-BEVERLY
Enacted in 1971
Prior to 1991: only prohibited requiring
cardholder to provide personal identification
information as a condition to accepting a
– Did not forbid requesting personal information from a
credit card user, and the user voluntarily providing the
EVOLUTION OF SONG-BEVERLY
1991 amendment: added language
prohibiting requesting consumer personal
information “as a condition to” accepting the
credit card as payment for goods or services
– g p y
Amendment designed to “clean up” and “clarify” the
statute, not exponentially expand its reach
– Purpose was to clarify that persons “may neither
require nor request, as a condition to accepting the
credit card, the taking or recording of personal
identification information from the cardholder”
EVOLUTION OF SONG-BEVERLY
g y pp y
Threshold issue: Does Song-Beverly apply to mere
requests for information, even where the consumer
is told that the information is not required?
The “misplaced” comma:
Plaintiffs contend that the 1991 amendment expanded scope
of liability by prohibiting the requiring of information “as a
condition to accepting the credit card” AND any and all
requests for personal identification information from
– Florez v. Linens n’ Things, 108 Cal. App. 4th 447 (2003)
– But see the Florez court’s note that nothing prevents a retailer
from soliciting a customer’s address and telephone number for
a store’s mailing list, if that information is provided voluntarily
EVOLUTION OF SONG-BEVERLY
Plaintiff’s view is contrary to:
– Legislative history
– First Amendment rights to free speech and free association
– Statutory interpretation
Absher v. AutoZone, Inc., 164 Cal. App. 4th 332 (2008)
TJX Companies, Inc. v. Sup. Ct., 163 Cal. App. 4th 8 (2008)
Notably other state statutes prohibit requests for personal
information only as a condition to credit card transactions.
– DC Code § 47 3153
– 11 Del. Code § 914
– Minn. Stat. Ann. § 325F.982
CERTAIN KEY DECISIONS
g jury (Shabaz v. Polo Ralph Lauren Corp.,
No right to j y trial ( p p,
586 F. Supp. 2d 1205 (C.D. Cal. 2008))
No private right of action for injunctive relief (Korn
v. Polo Ralph Lauren Corp., 644 F. Supp. 2d 1212
(E.D. Cal. 2008))
Range of penalty could span between “the proverbial
peppercorn” to the maximum amounts authorized by the
statute (TJX Companies)
One year statute of limitations (TJX Companies)
Does not apply to return or Internet transactions
IS A ZIP CODE PII?
Party City Corp. v. Sup. Ct., 169 Cal. App. 4th 497
– ZIP code is “group identifier about location,” not
“personalized or i di id l id tifi ti i f
“ ti ithi
li d individual identification information within
the statutory terms”
Pineda v. Williams-Sonoma Stores, Inc., 178 Cal. App.
4th 714 (2009): Followed Party City
– ZIP code is not personal identification information within
th meaning of § 1747 08(b) even where it i requested
the i f 1747.08(b) h is t d
for the purpose of reverse data mining to obtain
IS A ZIP CODE PII? (cont.)
Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th
– A Zip code constitutes PII and, thus, “requesting and
di dh ld ’ d ith t i l t ”
recording a cardholder’s ZIP code, without more, violates”
– § 1747.08 is remedial, and should be liberally construed
– A ZIP code is similar to specified types of PII in §
1747.08(b) (telephone and address)
– Is unnecessary to sales transaction
– Construction of §1747.08 is retroactive
THE EXPLOSION OF CLASS
ACTIONS AFTER PINEDA
Well over 100 cases filed in California courts since Pineda
alleging § 1747 08 violations based on ZIP code
requests, including actions against:
-Alin Party Supply Co. -Crate & Barrel -Lamps Plus -Pier 1 Imports -Tesoro
-Anna s Linens Destination
-Destination Maternity Lenscrafters
-Pottery Barn Thrifty
-Anthropologie -The Dressbarn -Lids/Hat Zone -Radio Shack -Tiffany and Company
-Avenue -Estee Lauder -Lowe’s -REI -T.J. Maxx
-Bath and Body Works -Eurostar -Macy’s -Redbox -Toys “R” Us/Babies “R” Us
-Bed Bath & Beyond
y -ExxonMobil -Maidenform -Restoration Hardware -Trader Joe’s
-Bedrock Oil -Fry’s Electronics -Marshalls -Ross Stores -Urban Outfitters
-Best Buy -GNC -Michaels Stores -Sephora -Victoria’s Secret
-Big 5 Sporting Goods -Genesco -Nike -Shell -Vons
-Big Lots Stores -Home Depot -Nordstrom -Sport Chalet -Wal-Mart
-Body Shop -Homegoods -Oakley -Sunglass Hut -Whole Foods Market
-Brookstone -IKEA -Office Depot -Sur La Table -Williams-Sonoma
-Chevron -J.C. Penney Co. -Officemax -Target -West Elm
-Coach -Journey -Old Navy -The Children’s Place -Wolverine Worldwide
C l H h
-Cole Hahn K t
-Kmart -Party A
P t American/Party City
i /P t Cit Th C t i St
-The Container Store
-ConocoPhillips -Kohl’s -Paypal -The Gap
-Cost Plus -Lacoste -Pearle Vision -The Pepboys
New actions extend beyond traditional
– Pay Pump
“Pay at the Pump” Machines
Flores v. Chevron Corp. et al.
Dulce v. Bedrock Oil, Inc. et al.
Self Service Kiosks
Schiff v. Redbox Automated Retail LLC
AFTER PINEDA (cont.)
What about use of Zip codes for anti-fraud
– Potential legislative limitation on Pineda:
AB 1219 is intended to amend § 1747 08 to “recognize . . .
legitimate business practices designed to address the
increased potential for identity theft that results if the
cardholder is not present or if the credit card does not
Would expand the exclusions enumerated in § 1747.08(c) to
include when information is used “solely for prevention of
fraud, theft, or identity theft”
Does Section 1747.08 apply to e-mail addresses?
– See Meherens v. Redbox Automated Retail, LLC., No.
BC455418 (Sup. Ct. Los Angeles) (alleging defendant
“requested and/or required Plaintiff to provide his ZIP code and
e-mail address . . . .”)
How about to on-line transactions?
– Boorstein v. Paypal, Inc. and Boorstein v. Amazon.com, Inc.
(using Pineda to argue § 1747.08 applies to online transactions
if the retailer requests information “unnecessary to the sales
transaction” that, alone or together with other data (e.g.,
cardholder’s name or credit card number) can be used for the
retailer’s business purposes)
– But Saulic Symantec C
B t see S li v. S F. S (C D
t Corp., 596 F Supp. 2d 1323 (C.D.
Cal. 2009) (holding that because, like a refund transaction, an
“online transaction raises fraud concerns,” online transactions
are not encompassed within §1747.08)
WHAT’S NEXT? (cont.)
Has Pineda created a colorable claim that reverse data
mining and similar practices alone constitute an invasion of
privacy outside of the Song-Beverly context?
Does a phone look up during a transaction constitute a
violation of § 1747.08?
How should a retailer proceed with respect to a loyalty or
disco nt program?
What is a transaction and when does it begin and end?
What can a retailer do to achieve its business objectives and
minimize its compliance and litigation risks?
C l Data Vi l ti
Personal ID D t Violations:
Class Action Threats—Insurance
May 26, 2011
Jenner & Block
WHICH POLICIES MAY APPLY?
• Critical first step: collect and review p y
– General Liability
– Errors & Omissions Coverage
– Directors & Officers Liability
CGL Policies: Is There a Potential For
• Most courts that have dealt with coverage for use,
collection or distribution of “personal information”
have done so in FACTA context under CGL
• Is the “personal injury” or “advertising injury”
g potentially triggered?
coverage p y gg
What is Covered?
• “Oral or written publication, in any manner, of
material that violates a person’s right of privacy.”
• Does the claim involve some form of “publication”?
• Does the claim involve a “privacy” violation?
• What is required to constitute “publication”?
– Some form of public dissemination?
– Term not defined in many policies.
– “in any manner” language allows for broad
interpretation—courts have concluded that credit card
receipts provided only to customers constituted
Right Privacy ?
Violation of a “Right of Privacy”?
• “Privacy” often is not defined in CGL policies
• “Where an insurance policy does not define privacy”
policy can be broadly interpreted “to include aspects
by privacy statutes.
of privacy protected by…privacy statutes ”
– Song Beverly intended to protect “privacy” interests
– In FACTA context “privacy” requirement satisfied even
though customer voluntarily p
g y provided information.
Song Beverly Claims Should “Trigger”
• Prima facie, coverage should be triggered
– “Publication” by making customer ZIP code information
available both internally and potentially to other
– Such “publications” allegedly violate customer “privacy
– Many complaints include an express cause of action for
invasion of privacy
CGL POLICY EXCLUSIONS
• Typically exclude “Personal Injury… arising directly
or indirectly out of any action or omission that
violates or is alleged to violate: …any statue,
ordinance or regulation…that prohibits or limits the
sending transmitting communicating or distribution
sending, transmitting, comm nicating distrib tion
of material or information.”
• Insurers assert as a broad-based excuse to avoid
Exclusion, Con t
Statutory Exclusion Con’t
• Carefully read the underlying complaint
– What if it solely alleges that you “requested and
recorded” customer’s zip code information?
– Does that constitute “sending, transmitting
communicating or distributing”?
– What if in addition to alleged statutory violations the
complaint also contains a common law privacy claims?
“Knowing” Infliction of Personal or
Advertising I j E l i
Ad ti i Injury Exclusion
• Excludes “personal and advertising injury” “arising
out of an offense committed by . . . the insured with
the expectation of inflicting personal and advertising
• Requires a fact-based analysis.
• What level of “expectation” or “intent” is sufficient?
• Argue against impact on payment of defense fees
Amounts Spent for “Excluded” Claims
• What happens to the duty to defend when the
complaint includes both covered and excluded
claims? What if multiple lawsuits are filed and
some include covered claims and others do not?
• If some claims or complaints are covered and
y p g y
money spent to address allegedly “excluded” claims
“benefits” covered claims, you may have coverage
for all defense fees expended in all actions.
Errors & Omissions Coverage
• Policyholders should also review E&O policies
– Cover “claims” for allegations of “professional”
– Must act within “professional” capacity as defined by
– Some cover “damages arising from violation of ‘privacy
What constitutes a “claim”?
• Need a demand for “something,” often money.
• Lawsuit clearly meets the standard
Duty to “advance” defense fees
• “Potentiality” standard
• “Prior to final adjudication”—the “timing” question
Prior adjudication the timing
• Some E&O policies exclude “fines” or “penalties.”
• Review underlying complaint: does it also seek “damages”?
Attorney’s fees? Pre or post judgment interest?
• What is the true nature of the claimed “fine” or “penalty”?
• Argue that, in privacy context, statutory damages are not a
“penalty,” but rather a recognition that damage caused by
privacy violation is difficult to calculate. Therefore,
legislature uses statutory damages to act as a proxy.
Directors & Officers Coverage
• Covers certain claims for “wrongful acts, errors or
omissions” by company and its executives
• If executives are claimed to have known that there
was an issue before Pineda court ruled and did not
modify behavior, coverage may apply
• If executives are not sued, policy must have “entity
coverage” that applies beyond “securities” claims
• In light of Pineda and other
lawsuits is there potential
exposure requiring notice?
• Do prior policies have less
• Carefully read complaints
• Carefully read all policies
p y p
• Perform policy audits at time of renewal and attempt
to negotiate to increase protection