Business Litigation Alert

Business Litigation Alert

Practical Perspectives on Litigation Developments & Trends

The Power of New York’s Borrowing Statute

Posted in General Litigation

On October 11, 2016, the Supreme Court of New York, Appellate Division, First Department, decided 2138747 Ontario, Inc. v. Samsung C&T Corp., et al., which serves as a reminder to attorneys that New York’s borrowing statute applies even where the parties agreed to a New York choice-of-law provision.

The borrowing statute, CPLR 202, provides that, when a non-New York resident sues on a cause of action accruing outside New York, the complaint must be filed timely under the statute of limitations of both New York and the jurisdiction where the cause of action accrued. The statute’s underlying objective is to prevent forum shopping by nonresident plaintiffs.

In Ontario, the plaintiff, a corporation formed under the law of Ontario, Canada, was a creditor of SkyPower Corporation, a bankrupt Canadian renewable energy developer. SkyPower’s bankruptcy trustee assigned to the plaintiff all of its claims against the defendants. The plaintiff then sought damages against the defendants for a breach of a nondisclosure and confidentiality agreement (NDA), which contained a broad New York choice-of-law provision.

Continue Reading

California District Court Dismisses Facebook’s TCCWNA “Website Terms and Conditions” Lawsuit in Light of Valid Choice-of-Law Provision

Posted in Class Action Defense

New Jersey’s Truth-in-Consumer Contract, Warranty, and Notice Act (“TCCWNA”) ushered in a wave of class actions last year, targeting various provisions in retailers’ websites “terms and conditions.” Broadly speaking, the TCCWNA prohibits “consumer contracts” from containing language that violates any “clearly established legal right[s].”

New Jersey courts have not been alone in adjudicating these cases, however, as a number of similar lawsuits have been brought in other jurisdictions, including California federal district courts. For example, on September 7, 2016, the Central District of California dismissed the complaint in Candelario v. Rip Curl, Inc. on standing grounds, holding that because the plaintiff’s “only connection to the Terms and Conditions appears to be her decision to read them” and because her complaint essentially alleged only “bare procedural violation[s]” of the TCCWNA – without more – she could not satisfy “the injury-in-fact requirement of Article III.”

Even more recently, although on different grounds, the Northern District of California dismissed a “website terms and conditions” class action against Facebook. In Palomino v. Facebook, Inc., as in Candelario, the plaintiffs alleged that the social media company’s website terms and conditions violated the TCCWNA because of “provisions that purport to ‘1) disclaim liability for claims brought for Defendant’s negligent, willful, malicious and wanton misconduct; 2) bar claims for personal and economic injury and punitive damages; and 3) bar consumers from asserting claims against Defendant for deceptive and fraudulent conduct,’” among others.

Continue Reading

NY Updates Cybersecurity Requirements for Financial Services Companies

Posted in Data Privacy & Security, E-Discovery

On December 28, 2016, the New York Department of Financial Services (“DFS”) published an updated version of its proposed “Cybersecurity Requirements for Financial Services Companies.” The updated regulations will become effective on March 1, 2017. As previously reported, these regulations are an important step in the ongoing national dialogue about reasonable and necessary cybersecurity standards for all businesses.

The proposed regulations were updated in response to over 150 formal comments received by the DFS from individuals and a variety of entities and trade associations, and were made (according to the DFS) in an effort to make the regulations more flexible and risk-based. The extensive updates include the following key changes:

  • the definition of “Nonpublic Information” has been modified to more closely track the language of other standards, including the breach notification statute;
  • the required Cybersecurity Policy for a Covered Entity is now tied to the entity’s Risk Assessment, and now must also address “asset inventory and device management”;
  • the Chief Information Security Officer for a Covered Entity may be employed by a Third Party Service Provider;
  • the Covered Entity’s obligations with respect to any external service providers that access Information Systems and Nonpublic Information is now based on the Covered Entity’s Risk Assessment as well as an assessment of the risks presented by the service providers;
  • modification of the limited exemptions that may be available for Covered Entities, and a notice of exemption filing requirement; and
  • the addition of Transitional Periods designed to provide outside deadlines for compliance with specific requirements.

Continue Reading

New Jersey Appellate Division Holds Consumer Fraud Act Plaintiffs Can Recoup Attorneys’ Fees for Successfully Defending Against Counterclaims

Posted in General Litigation

In an issue of first impression, the New Jersey Appellate Division held in Garmeaux v. DNV Concepts, Inc. t/a The Bright Acre that a prevailing plaintiff in a Consumer Fraud Act (“CFA”) case is entitled to recover attorneys’ fees expended to defend an “inextricably intertwined” counterclaim. The to-be-published opinion also reaffirmed that New Jersey does not impose a strict proportionality requirement on attorney fee awards.

The Garmeaux plaintiffs sued Bright Acre in connection with services rendered to replace their gas fireplace in 2010. According to the plaintiffs’ testimony, Bright Acre introduced them to co-defendant James Risa, who was to perform the installation services for the new fireplace. At the time, Risa had worked at Bright Acre for approximately 20 years, but also owned and operated his own independent company called Professional Fireplace Services. After complaining about the schedule and quality of Risa’s work, the plaintiffs discovered that Risa performed work on his own company’s behalf and not Bright Acre. The plaintiffs hired another contractor to complete the work and brought suit against Bright Acre and other defendants, alleging, among other things, a violation of the CFA premised on a fraudulent omission. In turn, Bright Acre filed a counterclaim, which sought damages from plaintiffs for fraudulent concealment or alteration of evidence, defamation, and filing a frivolous lawsuit.

Continue Reading

Third Circuit Holds That Challenges to the Validity of a Contract Containing an Arbitration Provision Can Only Be Adjudicated by the Arbitrator

Posted in General Litigation

In a recent precedential decision, South Jersey Sanitation Co., Inc. v. Applied Underwriters Captive Risk Assurance Co., Inc., the Third Circuit held that although arbitration agreements may be invalidated by generally applicable contract defenses, like fraud, in order for the court to decide the issue, the challenge “must focus exclusively on the arbitration provision, rather than on the contract as a whole.” “If the challenge encompasses the contract as a whole, the validity of that contract, like all other disputes arising under the contract, is a matter for the arbitrator to decide.”

In South Jersey Sanitation, the dispute arose after South Jersey refused to pay premiums allegedly owed pursuant to a Reinsurance Placement Agreement (“RPA”), which contained an arbitration provision stating that any disputes arising under the contract will be arbitrated. South Jersey initially filed a complaint in the New Jersey Superior Court, seeking declaratory relief and rescission of the RPA on several grounds, including fraud, intentional misrepresentation, and illegality. In response, Applied Underwriters filed a motion to compel arbitration in accordance with the Federal Arbitration Act (“FAA”). The District Court denied Applied Underwriters’ motion to compel arbitration, on the ground that Nebraska law – the choice of law stipulated in the RPA – rendered unenforceable all arbitration provisions concerning or relating to an insurance policy.

Continue Reading

New Jersey Federal Court Relies on Spokeo to Dismiss FACTA Class Action For Failure to Allege Concrete Harm

Posted in Class Action Defense

The U.S. District Court for the District of New Jersey recently relied on the U.S. Supreme Court’s opinion in Spokeo v. Robins to grant a Rule 12(b)(1) motion to dismiss a statutory violation-based class action complaint for failure to allege a concrete injury. In Kamal v. J. Crew Group Inc., et al. the Court concluded that the plaintiff lacked standing to sue under the Fair and Accurate Credit Transactions Act (“FACTA”) because, as in Spokeo, the claims were based on a purely statutory injury, i.e., the plaintiff did not allege a “concrete and particularized” injury.

The plaintiff brought suit against J. Crew under FACTA by claiming that J. Crew’s credit card receipts improperly truncated his credit card number, as the receipts included the last four digits and first six digits of his account, rather than the last five digits only as permitted under FACTA. J. Crew moved to dismiss for failure to state a claim under Rule 12(b)(6), but the District Court denied the motion and then stayed the action to await the Supreme Court’s decision in Spokeo, which presented the issue of whether a claim of statutory damages is sufficient to confer injury in fact for standing to sue. In Spokeo, the Supreme Court affirmed the “injury-in-fact” requirement for standing, reiterating that an injury must be both “concrete and particularized.” For a thorough discussion of the Court’s holding in Spokeo, please visit our prior blogs here and here.

Continue Reading

11th Circuit’s Stay Suggests that the FTC’s Final Order Against LabMD May Itself be “Unfair” and “Unreasonable”

Posted in Appellate, General Litigation

As reported on this blog on September 27, 2016, the FTC issued a Final Order holding that LabMD’s data security practices were “unreasonable” and constituted an “unfair” business practice in violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), 15 U.S.C. §45(a) and (n). The findings were a clear signal of the FTC’s expanding efforts to regulate data security and to incentivize companies handling sensitive data to implement and maintain strong data security practices. On Thursday, November 10, 2016, the 11th Circuit stayed enforcement of the FTC’s Final Order pending a full hearing and final decision on LabMD’s appeal, and called into question the validity of the FTC’s conclusions as to what may constitute an actionable “privacy harm” following a data security breach.

The FTC’s Final Order was viewed as a significant development in privacy law because the FTC concluded a “substantial injury” existed – and sanctions were appropriate – without any evidence of actual economic harm or physical injury, or any actual health or safety risks as a result of the data security breach. However, according to the 11th Circuit, the FTC’s conclusions raise “a serious legal question” justifying a stay pending resolution of the appeal for several reasons. First, the appeals court stated, “it is not clear that a reasonable interpretation of §45(n) includes intangible harms like those that the FTC found.” Second, it is not clear it was reasonable for the FTC to conclude that the data breach was “likely to cause substantial injury to consumers” in light of the actual scope of the breach and resulting “disclosure”. Third, the court concluded that the costs of complying with the FTC’s Final Order would cause LabMD irreparable injury because, if LabMD ultimately prevailed on appeal, the costs of compliance could not be recovered later given the FTC’s sovereign immunity. Finally, the court concluded that there would be no injury to other parties as a result of the stay.

While the 11th Circuit’s recent opinion is not the final word from the court on the various issues presented by LabMD’s appeal on the merits, it is clear that the court has some doubt as to whether the FTC was within its authority to enforce the FTC Act based upon perceived “intangible harms” and a low likelihood of any future harm. Stay tuned to this blog for future developments.

John T. Wolak is a Director in the Gibbons Business & Commercial Litigation Department.

Believe It or Not: Computer Fraud Coverage May Not Cover Fraud Involving a Computer

Posted in Insurance

Is a commercial policyholder able to get insurance under the terms of its computer fraud coverage (typically offered as part of a crime policy) for a fraud based upon information transmitted by email? Not according to the Fifth Circuit’s recent decision in Apache Corporation v. Great American Insurance Company, which vacated the trial court’s judgment and left the policyholder with a $2.4 million uninsured loss. While the opinion is unpublished and therefore should have limited precedential value, it highlights the importance of reviewing your company’s coverage profile in an effort to close potential gaps in insurance coverage for security breaches and other losses involving computer use.

Apache Corporation (“Apache”) received a phone call from an individual purporting to be a representative of Petrofac, one of Apache’s legitimate vendors. The caller instructed Apache to change the bank account for all future payments to Petrofac but was advised that the change could not be processed without a formal request on Petrofac letterhead. A week later, Apache’s accounts-payable department received an email from an address at “petrofacltd.com” (Petrofac’s authentic email domain was petrofac.com) stating that all Petrofac bank accounts had been changed, and the new account information was effective immediately. The email included as an attachment a signed letter on Petrofac letterhead providing both old bank account information and a new bank account, with instructions to “use the new account with immediate effect.” To verify the requested change, an Apache employee called the telephone number provided on the letterhead and “confirmed” the authenticity of the request. The change was then implemented, and over the next several weeks, Apache transferred approximately $7 million to the “new” account in payment of Petrofac’s legitimate invoices.
Continue Reading

Regulations Proposed by NY Department of Financial Services are a Significant Development for Regulated Entities … and Everyone Else

Posted in Data Privacy & Security, E-Discovery

On September 13, 2016, New York Governor Andrew M. Cuomo announced new first-in-the-nation proposed regulations to protect against the ever growing threat of cyber-attacks in the financial services industry.

The proposed regulations, to be enforced by the New York State Department of Financial Services, would apply only to an entity regulated by the NY Department of Financial Services – from a multi-national bank to a “mom-and-pop” operation. However, the regulations are important for all companies to review and consider, regardless of their location or scope of operations, because the proposal represents an important step in the ongoing national dialogue about reasonable and necessary cybersecurity standards for all businesses.
Continue Reading

Third Circuit Sets Framework for Numerosity Inquiry and Lists Factors to Consider When Determining “Whether Joinder would be Impracticable” Under Rule 23(a)(1)

Posted in Class Action Defense

One of the prerequisites for class certification under Rule 23(a) is that “the class is so numerous that joinder of all members is impracticable,” which is commonly referred to as the “numerosity” requirement. Notably, Rule 23(a)(1) is “conspicuously devoid of any numerical minimum required for class certification.” For the first time, the Third Circuit has “provide[d] a framework for district courts to apply when conducting their numerosity analyses” in a recent precedential opinion. Defendants opposing class certification must be aware of this framework, particularly since numerosity is an often overlooked prerequisite yet may provide ample grounds for defeating certification in certain actions.

In the underlying lawsuit, In re Modafinil Antitrust Litigation, the District Court certified a class of 22 direct purchasers of a pharmaceutical drug who alleged a global conspiracy between the brand manufacturer and generic drug manufacturers in violation of various antitrust laws. In considering whether joinder was “impracticable,” the District Court considered the following factors: “(1) judicial economy, (2) geographic dispersion, (3) financial resources of class members, (4) the claimant’s ability to institute individual suits, and (5) requests for injunctive relief that could affect future class members.”

Continue Reading

Lexblog