Litigation following a cyber incident or related to a data collection practice is a critical and increasingly common risk to impacted businesses. Clark Hill attorneys have successfully defended organizations in some of the largest privacy and data breach class actions in the country and brought affirmative litigation to recoup costs and damages related to technology disputes.
Our designated team leverages the experience of seasoned trial attorneys, privacy professionals, and in-house technologists to develop novel approaches to cyber, privacy, and technology litigation. Our strategy is balanced, blending cost-effectiveness with high-impact strategy, and we work with clients across industries to achieve business objectives and successful litigation outcomes.
Cyber Subrogation, Business Interruption, and Third-Party Claims
In cooperation with Clark Hill’s recognized Breach Response team, our litigators represent businesses and individuals in third-party claims that may follow a cyber-attack or data incident. We work with clients to preserve evidence and mitigate the risk of future claims, or to evaluate opportunities for third-party reimbursement of notification costs and other damages where the client was not the direct target of a cyber incident.
We have successfully obtained early resolution of third-party claims relating to breach of duty of care for failure to implement security controls, including encryption, and our litigators have experience with disputed forensic root cause analysis, and contractual defenses such as waiver, indemnification, and limitation clauses. We handle affirmative and defensive cyber subrogation claims in state courts throughout the United States and leverage in-house technology capabilities for cost-effective expert support where possible.
Data Breach Litigation and Regulatory Defense
Where a cyber incident requires reporting to individuals and regulators, the risk of a class action lawsuit or regulatory inquiry is significant. Our attorneys have successfully defended businesses in state and federal data breach class actions alleging failure to protect personal information, failure to comply with security standards (i.e., Payment Card Industry/Data Security Standard (PCI/DSS)), failure to timely notify, and breach of state reporting statutes, and have negotiated no-penalty resolutions with state and federal regulators.
Our attorneys are adept at handling all stages of class action data breach defense, including class discovery and certification. Our successful record includes obtaining dismissals of data breach class actions on Article III and state law standing grounds, litigating issues of risk of future harm and economic loss, and obtaining the denials of class certification.
Members of our team frequently work with regulators, including the Office of Civil Rights – United States Health & Human Services (OCR/HHS), State Attorneys General Officers, New York State Department of Financial Services (NYDFS), and the Federal Trade Commission (FTC), to respond to regulatory inquiries concerning a cyber incident, business data collection, or use practice. We have obtained no-penalty resolutions of regulatory inquiries and negotiated consent decrees or administrative orders for injunctive relief.
Privacy Torts and Consumer Class Actions
We defend business data collection and use practices in privacy lawsuits based on state and federal laws.
Our litigators have deep experience representing businesses and individuals in actions alleging data misuse, wrongful collection, and prohibited data sharing practices, including complaints brought under:
- California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA)
- Illinois Biometric Information Privacy Act (BIPA)
- Right to Publicity Acts (IRPA, MRPA)
- Preservation of Personal Privacy Act (PPPA)
- Video Rental Privacy Act (VRPA)
- Deceptive & Unfair Trade Practices Act
- Telephone Consumer Protection Act (TCPA)
- Fair Credit Reporting Act (FCRA)
Our litigators have handled novel, first-of-their-kind privacy tort claims, including cyberbullying claims, invasion of privacy, and pixel tracking and commercial surveillance claims. We have obtained individual settlements of putative class actions, dismissals, and grants of summary judgment for privacy claims.
Technology Disputes and Internet Claims
We represent clients in business disputes related to the use of technology, including migrating systems and services, performance failures, software disputes, and service interruptions. Our attorneys have a significant understanding of technology deployment and integration, and responsible, accountable, consulted, and informed (RACI) processes and management. We have litigated performance failures of some of the most complex software implementations and technology errors and omissions (E&O) claims.
Our internet claims work includes handling website takedowns and cease and desist demands, domain name disputes, copyright infringements, and internet defamation matters. We also have robust experience defending businesses against website accessibility lawsuits brought under the Americans with Disabilities Act (ADA), and work with clients on remedial efforts.
Our litigation team represents businesses across sectors, including healthcare, banking/financial, global manufacturing, consumer retail, technology providers/SaaS platforms, and others. We have extensive eDiscovery experience, including reconciling production obligations in U.S. lawsuits with applicable international processing restrictions.
Representative Cases
Cyber Subrogation and Data Breach:
- Successfully represented one of Florida’s largest medical groups in consolidated class actions in connection with ransomware attack alleging negligence, negligence per se, breach of express and implied contractual duties, unjust enrichment, invasion of privacy, conversion, and breach of fiduciary duty.
- In case of first impression, obtained complete dismissal of class action complaint in connection with ransomware incident in Oklahoma District Court.
- Represented health care provider, insurer, and consumer brands in defense of nationwide data breach class actions lawsuits alleging failure to safeguard regulated personal information.
- Obtained dismissal on Article III standing grounds of putative class action brought against medial service provider in Western District of New York.
- Represented law firm accounting and financial services company in claims brought by multiple parties in connection with ransomware attack. Achieved favorable settlements with all parties.
- Successfully resolved suit brought against managed IT service provider in Superior Court of California involving claims of fraud, negligent misrepresentation, fraudulent inducement and fraudulent suppression stemming from ransomware attack.
- Defended records management company and obtained favorable settlement in data breach matter involving patient medical records and seeking more than $5 million in damages.
- Represented law firm accounting and financial services company in claims brought by multiple parties in connection with ransomware attack. Achieved favorable settlements with all parties.
- Represented securities corporation in investigation in connection with New York’s first-in-the-nation cybersecurity regulation seeking significant civil monetary penalties.
- Counseled and defended multiple physicians and healthcare providers in data breach and invasion of privacy matters that involved unauthorized access/disclosure of patient records.
- Litigated, mediated, and successfully resolved subrogation matter on behalf of insurance company that was crippled as a result of cyber-attack on its back up provider.
- Settled one of the first ransomware class actions for thousands of potential class members prior to any significant discovery or class certification, saving hundreds of thousands of dollars for the clients in the process.
- Led litigation against vendor and managed public relations after client, a large online retailer with international clients, fell victim to malicious code installed on its website resulting in tens of thousands of individuals’ credit card data impacted.
Privacy and Consumer Claims:
- Represented App Developer in defense of first of its kind nationwide cyber-bulling class action brought by national federation.
- Represented data broker and website publisher in defense of putative multi-state class action alleging that contents of search results pages violated state right-of-publicity statutes (IRPA).
- Represent employer businesses in defense of biometric privacy (BIPA) and wrongful collection claims related to time keeping and access control devices.
- Defended clients in putative class actions for claims arising out of unwanted communications, including those brought under the TCPA, DNC and state telemarketing laws. Obtained early dismissal with prejudice of putative TCPA class action.
- Defended clients in putative class actions for claims arising out of website and mobile apps claiming that websites and mobile apps do not meet ADA website accessibility standards.
- Defended client in copyright infringement action claiming that e-commerce platform included the sale of infringing goods. Received a favorable result for client.
- Defended clients in cases alleging online posts, blogs, or chats constituted internet defamation. Received a favorable result for client.
- Represented timeclock manufacturers/distributors in BIPA litigation in Illinois state court. Successfully resolved matter for percentage of overall BIPA liability exposure and within coverage limits.
- Represented plasma company in a BIPA lawsuit commenced in federal district court. Resolved matter with more than 67,000 class members for less than the per person statutory penalty amount.
- Defended staffing company in a BIPA action and successfully negotiated settlement fund to include reverter provision and other cost-saving provisions.
Technology Disputes:
- Represented ecommerce retail client in lawsuit against vendor who failed to deliver specified ecommerce platform and overcharged, in breach of contract. Received a favorable result for client.
- Brought suit on behalf of ecommerce retailer against third-party vendor who did not live up to technology development standards. Received a favorable result for client.
- Represented business in dispute with e-commerce software platform implementer where implementer failed to develop to platform to its contractual obligations. Received a favorable result for client.
- Represented business victim of fraudulent wire transfer in dispute in recipient bank for allowing release of funds in violation of internal policies and banking regulations.
- Secured an injunction against a tech company to prevent them from holding client’s servers and data hostage for non-payment of invoices where the invoices were in dispute.