Business Litigation Alert Blog

Proper Planning Means You Do Not Need to Shed Tears When Hit with the Likes of WannaCry

Proper Planning Means You Do Not Need to Shed Tears When Hit with the Likes of WannaCry

Since Friday, May 12, over 200,000 companies from over 150 countries have become victims of a massive cyber-attack from the ransomware variant WannaCry (also known as WCry or WanaCryptor). The attackers demanded payment of $300 in Bitcoin from each victim to restore access to files that the ransomware encrypted. The attackers stated that the price of file retrieval would elevate to $600 after a short period of time, and if the company-victim refused to pay, the files would be permanently deleted. Notably, this particular ransomware appears to have been propagated primarily due to a failure to patch a Windows software vulnerability known as EternalBlue, and potentially gave the attackers access to the files they encrypted. Organizations large and small, domestic and international, are among the victims. The WannaCry attack is a stark reminder of the need to have comprehensive information governance and incident response plans in place. Planning for such an attack can be just as important, if not more so, than the response itself, and can block the threat or mitigate the damage, disruption, and liability suffered in the event the organization is a victim of a successful attack. Implement a Written Information Security Program. Knowing how to mitigate the...

California Supreme Court’s McGill Decision Creates Confusion Over the Enforceability of Arbitration Clauses That Limit Public Injunctive Relief

California Supreme Court’s McGill Decision Creates Confusion Over the Enforceability of Arbitration Clauses That Limit Public Injunctive Relief

In McGill v. Citibank, N.A., the California Supreme Court unanimously held that arbitration clauses that waive the right to seek public injunctive relief in any forum are contrary to public policy and therefore unenforceable under California law. The decision is significant, as it potentially limits the type of the relief that is subject to arbitration. It also raises questions regarding the Federal Arbitration Act’s (“FAA”) preemption of California’s so-called Broughton-Cruz rule, which holds that agreements to arbitrate claims for public injunctive relief under the California’s Consumers Legal Remedies Act (“CLRA”), unfair competition law (“UCL”), or the false advertising law are unenforceable in California. Overall, however, the case raises more questions regarding the enforceability of arbitration clauses than it resolves. Plaintiff Sharon McGill (“McGill”) opened a credit card account with Citibank, N.A. (“Citibank”) and purchased a “credit protector” plan (“Plan”) for a monthly premium, which deferred certain credit balances when a qualifying event, such as unemployment, occurred. Although McGill’s original credit card agreement did not contain an arbitration provision, Citibank sent McGill notices in 2001 and 2005 which stated that all claims were subject to arbitration, regardless of the remedy sought, and waived the cardholder’s right to bring any claims on...

Supreme Court to Decide Whether Class Action Plaintiffs Can Ring Their Own “Death Knell” Bell

Supreme Court to Decide Whether Class Action Plaintiffs Can Ring Their Own “Death Knell” Bell

The United States Supreme Court heard oral argument last month on the issue of whether a federal court of appeals has jurisdiction to review an order denying class certification after the named plaintiffs voluntarily dismiss their individual claims with prejudice. The case comes to the Supreme Court from the Ninth Circuit’s decision in Baker v. Microsoft Corp. In Baker, a putative class of owners of Microsoft Corporation’s (Microsoft) Xbox 360® video game console filed suit, alleging that the console suffered from a design defect that gouged game discs. Microsoft opposed Plaintiffs’ motion to certify the class. The District Court denied certification, citing comity considerations and relying on the class certification denial in a similar case. Thereafter, Plaintiffs filed a 23(f) petition for interlocutory appeal with the Ninth Circuit, which was denied. The Plaintiffs then voluntarily dismissed the case with prejudice, with the express purpose of obtaining immediate Ninth Circuit review of the District Court’s denial of class certification. Plaintiffs filed an appeal from the final judgment, challenging the denial of class certification. On appeal, Microsoft argued that the Ninth Circuit lacked jurisdiction because a voluntary dismissal with prejudice does not sufficiently affect the merits of the substantive claims to constitute...

U.S. Supreme Court Requires Schools to Provide a Special Needs Student More Than a “De Minimis” Education

U.S. Supreme Court Requires Schools to Provide a Special Needs Student More Than a “De Minimis” Education

On March 22, 2017, the United States Supreme Court handed down a unanimous ruling in Endrew F., et al. v. Douglas County School District RE-1. In a decision that will have far-reaching implications in the area of special education, the Court held that the Individuals with Disabilities Education Act (“IDEA”) “requires that students with disabilities be provided with an educational program that is reasonably calculated to enable a child to make progress appropriate in light of the child’s circumstances.” In 1982, the Supreme Court determined in Board of Ed. of Hendrick Hudson Central School Dist., Westchester Cty. v. Rowley that the IDEA requires that every child be provided with a free and appropriate public education (“FAPE”). The Rowley Court did not, however, adopt a standard for determining whether a child is receiving a sufficient educational benefit to satisfy this mandate. Rather, the Court stated that a child has received a FAPE if the Individual Education Plan (“IEP”) provides an education program “that is reasonably calculated to enable the child to receive educational benefits,” and otherwise limited its analysis to the facts of the Rowley case. Endrew F., an autistic child, was enrolled in a public school and educated pursuant to...

Another TCCWNA “Website” Terms & Conditions Class Action Dismissed

Another TCCWNA “Website” Terms & Conditions Class Action Dismissed

Over the last year – and as we have previously reported – online retailers have repeatedly been targeted by threatened or filed class actions, premised on their website terms and conditions purportedly containing unlawful terms that violate the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (“TCCWNA”). Many of these cases have been dismissed by trial courts on state law grounds and, in federal court actions, for failure to demonstrate “injury in fact,” a fundamental requirement for Article III standing. Continuing this trend, the District of New Jersey recently dismissed yet another website terms and conditions class action grounded in the TCCWNA, Hite v. Lush Internet Inc. In Hite – as in so many of these lawsuits – “Plaintiff visited Defendant’s website . . . and purchased one of Defendant’s cosmetic products.” Yet, she “[d]id not allege she has any claim about the product that she purchased, such as fraud, product liability or tort.” Instead, “[h]er quarrel [was] with the provisions of the terms of use of the website” in that she “generally allege[d] that the exculpatory clauses contained in the Terms of Use violate . . . the TCCWNA because they unlawfully disclaim all tort liability.” Chief Judge Simandle dismissed...

Seventh Circuit Affirms Dismissal of Data Privacy Class Action on Article III Standing Grounds

Seventh Circuit Affirms Dismissal of Data Privacy Class Action on Article III Standing Grounds

Since the United States Supreme Court decided Spokeo, Inc. v. Robins in May 2016, lower courts have struggled to consistently determine whether a plaintiff has standing to sue in federal court, which, as the Spokeo court explained, “requires a concrete injury even in the context of a statutory violation.” That is, even when Congress has made something unlawful and authorized an award of statutory damages for the unlawful act, the mere violation of that law is not itself sufficient to confer standing to sue under Article III of the U.S. Constitution. But precisely what is required to demonstrate sufficient “injury” under Article III remains unclear after Spokeo, especially in the data-breach and data-privacy contexts. In Gubala v. Time Warner Cable, Inc., however, a unanimous Seventh Circuit decision, authored by Judge Posner, held that the defendant’s possible failure to comply with a requirement contained in the Cable Communications Policy Act (requiring the destruction of personally identifiable information (“PII”) if the information is no longer necessary for the purpose for which it was collected) did not afford the plaintiff Article III standing to sue for violation of the statute where his personal information was not released or disseminated in any way. The plaintiff...

The Power of New York’s Borrowing Statute

The Power of New York’s Borrowing Statute

On October 11, 2016, the Supreme Court of New York, Appellate Division, First Department, decided 2138747 Ontario, Inc. v. Samsung C&T Corp., et al., which serves as a reminder to attorneys that New York’s borrowing statute applies even where the parties agreed to a New York choice-of-law provision. The borrowing statute, CPLR 202, provides that, when a non-New York resident sues on a cause of action accruing outside New York, the complaint must be filed timely under the statute of limitations of both New York and the jurisdiction where the cause of action accrued. The statute’s underlying objective is to prevent forum shopping by nonresident plaintiffs. In Ontario, the plaintiff, a corporation formed under the law of Ontario, Canada, was a creditor of SkyPower Corporation, a bankrupt Canadian renewable energy developer. SkyPower’s bankruptcy trustee assigned to the plaintiff all of its claims against the defendants. The plaintiff then sought damages against the defendants for a breach of a nondisclosure and confidentiality agreement (NDA), which contained a broad New York choice-of-law provision. The plaintiff’s complaint was untimely under Ontario’s two-year statute of limitations but was timely under New York’s six-year statute of limitations. The trial court found that Ontario’s two-year statute...

California District Court Dismisses Facebook’s TCCWNA “Website Terms and Conditions” Lawsuit in Light of Valid Choice-of-Law Provision

California District Court Dismisses Facebook’s TCCWNA “Website Terms and Conditions” Lawsuit in Light of Valid Choice-of-Law Provision

New Jersey’s Truth-in-Consumer Contract, Warranty, and Notice Act (“TCCWNA”) ushered in a wave of class actions last year, targeting various provisions in retailers’ websites “terms and conditions.” Broadly speaking, the TCCWNA prohibits “consumer contracts” from containing language that violates any “clearly established legal right[s].” New Jersey courts have not been alone in adjudicating these cases, however, as a number of similar lawsuits have been brought in other jurisdictions, including California federal district courts. For example, on September 7, 2016, the Central District of California dismissed the complaint in Candelario v. Rip Curl, Inc. on standing grounds, holding that because the plaintiff’s “only connection to the Terms and Conditions appears to be her decision to read them” and because her complaint essentially alleged only “bare procedural violation[s]” of the TCCWNA – without more – she could not satisfy “the injury-in-fact requirement of Article III.” Even more recently, although on different grounds, the Northern District of California dismissed a “website terms and conditions” class action against Facebook. In Palomino v. Facebook, Inc., as in Candelario, the plaintiffs alleged that the social media company’s website terms and conditions violated the TCCWNA because of “provisions that purport to ‘1) disclaim liability for claims brought for...

NY Updates Cybersecurity Requirements for Financial Services Companies 0

NY Updates Cybersecurity Requirements for Financial Services Companies

On December 28, 2016, the New York Department of Financial Services (“DFS”) published an updated version of its proposed “Cybersecurity Requirements for Financial Services Companies.” The updated regulations will become effective on March 1, 2017. As previously reported, these regulations are an important step in the ongoing national dialogue about reasonable and necessary cybersecurity standards for all businesses.

New Jersey Appellate Division Holds Consumer Fraud Act Plaintiffs Can Recoup Attorneys’ Fees for Successfully Defending Against Counterclaims 0

New Jersey Appellate Division Holds Consumer Fraud Act Plaintiffs Can Recoup Attorneys’ Fees for Successfully Defending Against Counterclaims

In an issue of first impression, the New Jersey Appellate Division held in Garmeaux v. DNV Concepts, Inc. t/a The Bright Acre that a prevailing plaintiff in a Consumer Fraud Act (“CFA”) case is entitled to recover attorneys’ fees expended to defend an “inextricably intertwined” counterclaim. The to-be-published opinion also reaffirmed that New Jersey does not impose a strict proportionality requirement on attorney fee awards.