Posted on June 3, 2015 by Henry Sneath | Pittsburgh Court Rules on Data Breach Class Claims – Denying Cause of Action
Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. firstname.lastname@example.org or 412-288-4013
A Pittsburgh, Pennsylvania judge has ruled at the trial court level that there is no private cause of action for the alleged failure of a major hospital network to secure and protect PII and PHI. Denying class claims, Judge Wettick has ruled that, because the legislature has not created such a right, only the Pennsylvania Attorney General has the right to bring a claim in this circumstance. See the Legal Intelligencer article here: http://tinyurl.com/nphostc We will get more details on this case and pass them along with our analysis.
Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. email@example.com or 412-288-4013
Travelers Indemnity and Insurance released its annual Business Risk Index, which is a survey of the concerns of business leaders and decision makers. Not surprisingly, for 2015, Cyber Risk moved up to the number 2 concern on that list, right behind rising healthcare costs. In some industry sectors it is the number 1 concern. The Banking and Financial Services, Professional Services, and Technology sectors each ranked cyber risks as the main driver of sleepless nights. The chart on page 3 of the survey is very instructive as to the different concerns between small, medium and large businesses. Small businesses have less concern about data breach than larger businesses, but perhaps small businesses are overlooking their vulnerability and attractiveness as targets. If they care less, they will likely protect less, and become easy targets for hackers. It should be a huge concern for all businesses in all industries as no one appears immune. If you store or deal in Personal Identifiable Information (PII) or Personal Health Information (PHI) as part of your business, then you are a valuable target. If you have financial or credit information, or trade secrets to protect, then perhaps your competitors, foreign governments and political hackers want to look inside your data. Many insurers are now offering Cyber Risk Insurance to provide defense and indemnity against these risks. Every business should have a data breach prevention and response team of employees and outside consultants and lawyers to audit the company’s vulnerability and to set the plan for a response when a breach occurs. See the complete Travelers Business Risk Index at: https://www.travelers.com/prepare-prevent/risk-index/business/index.aspx
Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. firstname.lastname@example.org or 412-288-4013
Target Corp. agrees to settle the 2013 data breach class claims prior to argument on class certification. Lead plaintiff’s counsel admitted the uphill battle he faced to obtain class certification due primarily to the difficulty in these consumer data breach cases of proving commonality of claims. This settlement, which still needs court approval for its proposed $10M payout, will not settle claims by commercial entities, but only individual consumer claims. Here is a good article with more detail from the National Law Journal. We will continue to follow this settlement and the handling of the commercial claims as this blog increases our focus on Cybersecurity and Data Breach Prevention and Response issues.
See this link to the NLJ for more info: http://tinyurl.com/kxwjrb9
Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Response team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C. email@example.com or 412-288-4013
Privacy concerns continue to dog the CISA (formerly CISPA) bill, but it easily passed out of the Senate Intelligence Committee yesterday. Pundits claim that the bill pits “big government – NSA, Homeland Security et al allegedly aided by Big Tech Companies” against privacy advocates who want less regulation of data and the internet. I’m not sure if it lines up that neatly however. See this short article with a summary of the committee process from Wired.Com.
Here is an advocacy website piece which supports defeat of the bill.
We will continue to monitor the path of the bill to see if it makes it to the Senate Floor for a vote. For the complete text of the bill, view it at this link.
I attended the Pittsburgh Technology Council’s breakfast briefing this morning and heard a great presentation by Jeffrey Hennion, President of Pittsburgh-based Branding Brand: http://www.brandingbrand.com/ Founded by 3 CMU students, the company is now an industry leader in Mobile Commerce website and application development. They serve some of the largest retailers and businesses who are now true believers in the power of mobile commerce and mobile wallet apps – shopping from a phone. Costco (See Image below), Dick’s Sporting Goods, Sephora, Ralph Lauren and countless more retailers have large percentages of sales now flowing through Branding Brand platforms. Starbucks is currently the leader in mobile commerce sales with its QR code based “mobile wallet”, which allows purchases from a scan of your phone screen. A next big market for these products is the travel industry. As you ride from the airport to the hotel, you use your phone to check into the hotel, you skip the registration desk, open your room with your phone which has been activated with a mobile key. As Jeff described it – these developments are fascinating, but sometimes a little creepy. The percentage of phone-driven ordering and mobile wallet purchased sales is zooming upward and some companies could face loss of significant market share if they don’t keep up.
By Henry M. Sneath, Esq. – Chair of the Picadio Sneath Miller & Norton, P.C. Intellectual Property Group. Contact him at firstname.lastname@example.org
Last week a Pittsburgh federal court jury found on behalf of local university CMU against hard drive chip maker Marvell (See attached photo) on claims of patent infringement and willfulness. The $1.17 Billion award was huge by any standards and still faces post-trial motions which could vacate the verdict or increase it for willfulness, which the jury found. Judge Fischer could grant any number of what will surely be multiple post-trial motions, including a motion for mistrial, which was made by Marvell counsel during CMU’s closing argument and which she denied without prejudice, reserving a ruling on it until after the announcement of a verdict. In other words, she could still grant a mistrial and vacate the one-month trial and verdict. She could also increase the verdict by as much as threefold based on the willfulness finding. The article attached below indicates that no tech verdict this large has ever stood the test on appeal. Here is one of a number of good descriptions of the case as it has been written about extensively over the last week: http://arstechnica.com/tech-policy/2012/12/jury-slams-marvell-with-mammoth-1-17-billion-patent-verdict/
Here also is an interesting video take on the case. http://www.bloomberg.com/video/david-martin-on-carnegie-mellon-marvell-patent-case-er1U0P~yQXC616MuXqU_Hw.html
On December 17, 2012, U.S. District Judge Koh denied Apple’s request for a permanent injunction against Samsung. As a reminder, a jury awarded Apple $1.05 billion in damages in August after finding that Samsung had copied certain features of Apple’s iPhone and iPad. (See our earlier blog post summarizing this verdict). With respect to the court’s most recent ruling, Judge Koh followed the Federal Circuit’s heightened standard that requires patent-holders to show a direct link between lost market-share and a specific infringing feature of a competitor’s product. In fact, in a previous ruling related to another lawsuit between Apple and Samsung over the patented search technology used in Apple’s Siri feature, the Federal Circuit overturned Judge Koh’s decision to grant a preliminary injunction against Samsung’s Galaxy Nexus phone. In the present matter, Judge Koh found that Apple’s evidence for injunctive relief fell short of the strict “causal nexus” standard because the lawyers did not prove that the copied features specifically drove consumers to buy Samsung devices.
Some attorneys believe that Apple’s main objective was to block Samsung’s sale of its products and not to obtain a financial remedy. In this regard, attorneys are of the opinion that the record verdict was a mere slap on the wrist to Samsung, which generates approximately $100 billion in annual revenues. Nonetheless, this recent ruling has a significant impact on the parties’ leverage in the mobile patent litigation arena.
On behalf of our firm, I would like to thank The Pittsburgh Technology Council for hosting such a spectacular event last evening. Also, I would like to congratulate all of the award winners who were recognized by the Council as leaders in technology and innovation within the Pittsburgh area.
The Pittsburgh Technology Council holds an annual Tech 50 awards presentation as a way to honor companies that have demonstrated an ability to grow and succeed as technology-oriented companies in Pittsburgh. The event last evening provided an excellent opportunity for business leaders to come together and recognize and celebrate all of the creative contributions made by these companies on a local, national and global stage. The Tech 50 award winners are as follows:
Calgon Carbon Corporation – Advanced Manufacturer of the Year
Epiphany Solar Water Systems, LLC – Innovator of the Year
ERT, formerly invivodata, inc. – Life Sciences Company of the Year
TrueFit – New Media Company of the Year
Summa Technologies – Solution Provider of the Year
Branding Brand – Start-Up of the Year
ANSYS, Inc. – Tech Titan of the Year
Scott Pearson, Aquion Energy, Inc. – CEO of the Year
Again, congratulations! We wish you and all of the other Pittsburgh tech companies the best.
As a follow up to Robert Wagner’s post, “Discovery of Facebook Accounts,” I will take a closer look at the analysis by Judge Wettick in Trail v. Lesko, No. GD-10-0172249 (July 3, 2012) for determining what a party needs to establish before Judge Wettick will order disclosure of non-public Facebook, or other social networking, content. I will also provide an update on whether other courts have relied upon Judge Wettick’s opinion.
At the outset, Judge Wettick notes that no appellate court in Pennsylvania has addressed discovery requests for information contained within an individual’s Facebook profile. He reviews the approach of other trial judges in Pennsylvania to date and concludes that most Pennsylvania “courts recognize the need for a threshold showing of relevance prior to discovery of any kind, and have nearly all required a party seeking discovery in these cases to articulate some facts that suggest relevant information may be contained within the non-public portions of the profile. To this end, the courts have relied on information contained in the publicly available portions of a user’s profile to form a basis for further discovery.”
Judge Wettick also found the decisions of other state and federal courts to be largely in line with Pennsylvania case law. As in Pennsylvania, other courts agree that the content posted by someone on Facebook is not privileged, either because communications with “Friends” are not privileged or because, if the communications were privileged, such privilege was waived by sharing the content with others. On the other hand, the courts disfavor “fishing expeditions” and tend to require some evidence suggesting the existence of relevant information prior to ordering access to a person’s non-public social media information. According to Judge Wettick, courts from other jurisdictions have taken more steps than Pennsylvania courts, however, to require more narrowly tailored discovery orders or have even relied on counsel to review his or her client’s profile for relevant information in the first instance.
Trail v. Lesko was a personal injury case arising from a motor vehicle accident which was allegedly caused by defendant’s drunk driving. Judge Wettick indicated that he was basing his rulings on Pennsylvania Rule of Civil Procedure 4011(b), which provides that “[n]o discovery or deposition shall be permitted which . . . (b) would cause unreasonable annoyance, embarrassment, oppression, burden or expense to the deponent or any person or party . . . .” Judge Wettick reasoned that a court order that gives an opposing party access to another’s non-public Facebook page “is intrusive because the opposing party is likely to gain access to a great deal of information that has nothing to do with the litigation and may cause embarrassment if viewed by persons who are not ‘Friends.’” Because such discovery is intrusive, it is protected by Rule 4011 “where the party seeking discovery has not shown a sufficient likelihood that such discovery will provide relevant evidence, not otherwise available, that will support the case of the party seeking discovery.”
However, Judge Wettick did acknowledge that the level of intrusiveness for a Facebook page, containing information made available to others who have no obligation to keep it confidential, is likely to be low. Therefore, someone seeking to obtain such information will only need to show that the discovery “is reasonably likely to furnish relevant evidence, not available elsewhere, that will have an impact on the outcome of the case.”
Applying this reasoning to the facts of the case before him, Judge Wettick found that neither party had shown sufficient need for discovery of each other’s non-public Facebook pages. Plaintiff was not entitled to the information because defendant had already made admissions in response to requests for admissions that made the request for Facebook content unnecessary, and defendant was not entitled to the information because the photos from plaintiff’s public page did not contain any information that suggested plaintiff’s personal injury claims were called into question.
With this opinion, Judge Wettick is informing litigators that while he is not opposed to permitting discovery of non-public social media, parties need to show that the social media that a person otherwise assumes is directed solely to a limited audience, i.e. their “friends,” is reasonably likely to be relevant to the claims in the case and is not available elsewhere. In short, Judge Wettick attempts to balance a person’s privacy interests with those of a party seeking to prove or defend his or her case.
So far, no other courts have cited Judge Wettick’s opinion. We will continue to watch for Pennsylvania court opinions following or rejecting Judge Wettick’s approach and for any rulings from the Pennsylvania appellate courts on the issue of discovery of social media.
Earlier this week, an interesting story emerged that Bruce Willis was considering suing Apple over whether his children could inherit his iTunes collection after his death. The story turned out to be a hoax, but the questions it raises regarding ownership and rights in this digital age are very interesting.
Decades ago, music, movies, and books were exclusively purchased in a tangible form—records or CDs, videotapes or DVDs, and paperback or hardback books. While these formats are still largely available, more and more people are purchasing this type of content in an intangible digital format through services like Apple’s iTunes and Amazon’s Kindle stores.
In the past, the purchase of a tangible product like a record or book made transferring the product easy. Under the first sale doctrine, one simply could give or sell the record or book to another without any constraints. Thus, inheriting the record or the book did not pose any problems from an intellectual property or legal perspective. (Whether anyone wanted grandma’s or grandpa’s record or book collection is another matter).
When one purchases a song from iTunes or a book for Amazon’s Kindle store, the issue gets more complicated. One is actually purchasing a limited license to listen to the song or read the book on a limited number of devices. No physical, tangible products are purchased. Normally, the license is limited to the purchaser and is arguably valid only during the lifetime of the purchaser (assuming there are no other restrictions, as there sometimes are with video “purchases”). Thus, there is nothing tangible to give to another. Indeed, the licenses often explicitly restrict the giving or selling of the product to another.
Getting back to the situation that Bruce Willis was supposedly concerned about—what would happen to all of the music he purchased after he died? Most of the time, families will likely not be particularly concerned about whether they inherit grandpa’s music collection, but not always. For instance, what if the father or mother dies prematurely, and everything that the family was listening to or watching on a regular basis was purchased through that person’s iTunes account? The shift to a digital medium could have a very real and expensive consequence (in addition to whatever emotional trauma the family has to deal with from the untimely death).
I think a more concerning issue is the potential effect on a family’s photographs and letters, which can be some of the most treasured possessions a family has. With the shift to storing photographs on-line and corresponding through e-mail rather than letters, we are moving some of our most prized possessions and memories from tangible forms that can easily be preserved and given to others to an intangible form that may have unexpected and unanticipated restrictions. For example, if an individual stores all of his or her photographs on-line, what happens when that person dies? Will the account be closed and all the files deleted once the annual payments stop? Even if it is not, who will be allowed to access it, especially if the passwords were never written down or are lost?
We are still in the infancy of the digital age in many respects and questions like these are only beginning to be considered, and many companies’ terms and conditions are simply not designed to deal with circumstances like these. So, what should one do?
Where possible and when the ability to transfer the item to your spouse, children, or others is important, then efforts should be made to make sure the item is in a tangible form or resides on a computer in a way that is accessible regardless of whether you are alive or whether you fail to make an annual payment to a particular cloud service. In the case of pictures, that could mean having them printed out or storing them in a folder on your hard drive (instead of in the cloud). The same is true of e-mails. If there are particularly important e-mails, make sure that they have been saved on your hard drive, instead of leaving them in the cloud, or print them out.
Finally, it is a good practice to leave instructions as to what important on-line accounts you have (e-mail, Facebook, iTunes, cloud storage, banking, etc.) and how to access them so that others can get access to these accounts where appropriate if you are no longer able to. Given the important nature of these accounts, you should only leave this information with people you trust or in a location that is secure (e.g., a bank box).
It will be interesting to see how companies respond to issues like the one that Bruce Willis supposedly raised (even though he didn’t actually). The cloud provides many great conveniences, but as is often true with new technologies and ways of doing things, there are many unexpected issues that emerge. Hopefully, people, companies, and the law will find solutions to preserve those family treasures without too many hassles.
Our Law Firm: Houston Harbaugh in Pittsburgh, Pa. Business Litigation. Pittsburgh Strong.®
Contact our Pittsburgh Intellectual Property, Data Security, Trade Secret, DTSA and Technology Attorneys at Houston Harbaugh, P.C. through IP Section Chair Henry M. Sneath at 412-288-4013 or email@example.com. Some posts herein were published by the law firm Picadio Sneath Miller & Norton, P.C. (PSMN®) which has merged with Houston Harbaugh, P.C. and are used by permission. DTSALaw® is a federally registered trademark. See Firm Website at: www.hh-law.com