Hidden Danger in PA
In McPeak v. Direct Outdoor Products, LLC, 2022 WL 4369966 (E.D. Pa. Sept. 20, 2022), plaintiffs brought a personal injury action against defendants after plaintiff fell twenty feet to the ground when the steel cables attached to defendants’ hunting tree stand broke beneath him. The occurring corrosion of the cables was obstructed by the black polymer coating on the entire exterior of the cable.
The Court found that plaintiffs’ design defect claim survived the consumer expectation test because a factfinder could find that the dangers of the corroded cables breaking were unknowable or unacceptable to the average ordinary consumer, considering the product’s design allowed corrosion to be hidden by the product’s opaque coating. The Court added that the consumer expectation test also does not require proof of an alternate design.
This case stands for the proposition that manufacturers of products must consider feasible solutions like prominent warnings or utilizing anti-corrosive materials to protect their products.
Thanks to Sarah Polacek for her contribution to this post. Please contact Heather Aquino with any questions.
Read MoreTechnology Is Evolving – Data Privacy Laws Are Finally Catching Up
On June 21, 2022, the American Data Privacy and Protection Act (ADPPA) was released by the House Committee on Energy and Commerce. The purpose of the Act is to instill uniformity among members of the privacy community and those impacted by privacy legislation. Because states have enacted their own privacy laws, uniformity among multi-state sectors is long overdue. The Act is the first bipartisan, and bicameral comprehensive privacy and data security proposal. Further, the practical purpose of the bill is as follows: (1) provide consumers with foundational privacy rights – such as requiring affirmative consent to allow companies to share sensitive and private information; (2) create oversight mechanisms to ensure data is properly stored and protected; and (3) to establish meaningful enforcement. While this is not a complete list, this legislation proposes pivotal changes in the following areas: (1) protecting the rights of children and minors by monitoring marketing directed at minors; (2) requiring the Federal Trade Commission to establish a publicly available central registry of data brokers whose principal source of revenue is derived from processing protected data; (3) requiring all non-exempt entities to appoint a Chief Privacy Officer subject to annual executive certifications and biennial audits; and (4) establishing a uniform standard of industry-based terminology such as “sensitive data”. It is no secret that technology evolves faster than legislators create laws, however the American Data Privacy and Protection Act is well overdue to protect consumers, as well as entities, from unfair and invasive data collection practices. Thanks to Paige Baldwin for her contribution to this article. Should you have any questions, please contact Matthew Care.Read MoreData Extraction From LinkedIn, Which Includes Profile Information Permitted
Data analytics companies have the ability to extract data from social media platforms despite the claims from the social media companies that the data collected violated federal hacking laws.
In a recent decision of HiQ Labs, Inc. v. LinkedIn Corporation, the U.S. Court of Appeals for the Ninth Circuit reaffirmed that data analytics company HiQ Labs Inc. has the ability to scrape publicly available data from LinkedIn’s platform despite LinkedIn’s claim that the data collected violated federal hacking laws.
HiQ Labs Inc., founded in 2012, scraped information from public LinkedIn profiles, such as name, job title, work history and skills, then the company combined the collected data with a proprietary predictive algorithm to yield “people analytics,” in order to sell data to its business clients. LinkedIn asserted that HiQ’s abstracting information from public LinkedIn profiles violated LinkedIn’s user agreement, state & federal law- Computer Fraud and Abuse Act (CFAA), the Digital Millennium Copyright Act, California Penal Code §502(c), and the California common law of trespass.
The Ninth Circuit panel stated that CFAA forbids access to a “protected computer” without authorization and public LinkedIn profiles are considered a “computer.” Thus, access to public profiles on LinkedIn are open to the general public and permission is not required.
Thanks to Marium Sulaiman for her contribution to this article. Should you have any questions, please contact Thomas Bracken.
Read MoreGoogle Maps Admitted Into Evidence To Challenge Service Of Process (NY)
Google Maps is often used to get an idea of what a particular piece of property looks like or, for more utility, to gauge the distance between two locations. With respect to the latter, the Civil Court of the City of New York, Bronx County recently took judicial notice, over objection, of information contained in two Google Maps printouts submitted as evidence in a traverse hearing.
In 2437 Valentine Assocs. v. Valverde, et al, 70 Misc. 3d 1216(A) (Civ. Ct. 2021), the defendants moved to vacate a default judgment entered against them in an action for breach of lease. The defendants argued that the Court did not have personal jurisdiction over them, as they were not served with process. The Court set the matter down for a traverse hearing.
The only witness for the plaintiff was the process server. During direct and cross examination, he was questioned about entries made in his logbook which raised questions regarding whether he actually served process at the times and locations alleged. The Court, in its decision, indicated that the process server was simply not credible. Part of that determination was made by using, among other things, exhibits admitted into evidence containing two Google Maps printouts. The Court took judicial notice of only that portion of the maps that indicated the distances between the addresses contained in the process server’s logbook, one being the defendants’ address. Based on that evidence, the Court found that the alleged times of service at those various locations were not credible given the distances between them.
In a footnote, the Court stated, “It is well established that a court can take judicial notice ‘of common and general knowledge, well established and authoritatively settled, not doubtful or uncertain.’” (citing Carter v. Metro N. Assoc., 255 A.D.2d 251, 251 (1st Dep’t 1996)). Continuing, the Court went on to state, “it is well settled that Google Maps accurately depicts distances and locations of nearly everything in the United States.” The Court also observed that “In 2020, Google Maps was used by over 1 billion people every month.”
The Google Maps evidence in that case was admitted into evidence for only a limited purpose. With the proper foundation and authentication, we may see more widespread evidentiary uses of Google Maps moving forward.
Thank you to John Diffley for his contribution to this post. Please e-mail John with any questions.
Read MoreWCM Article on Data Privacy Published in DRI’s “For the Defense”
This past week, For the Defense, a publication of the Defense Research Institute, published What To Expect When You’re Not Expecting a Data Breach written by Brian Gibbons and Lauren Berenbaum. In the digital age, law firms need to be every more mindful of their status as data collectors, and their responsibility to protect the data that maintain. Especially in the “paperless” world that we are trending toward, the protection of PII is a challenge. Law firms – and our clients – need to implement safeguards to protect against potential breaches. No safeguard is full proof, but we need to take reasonable measures. The article outlines recent legislation in Europe and throughout the United States, which will lacks comprehensive federal legislation regarding data privacy. For any attorneys who are (reasonably) intimidated by the cyber-security world, this article offers some guidance on self-protection, which is essential for defense firms who want to adhere to our clients’ guidelines. If you have questions about WCM’s data privacy and cyber-security practice, please email me.Read MoreNew Connecticut Law Provides Tort Protections For Cyber-Savvy Businesses (CT)
On July 6, 2021, Connecticut Governor Ned Lamont signed into law a bill designed to incentivize Connecticut businesses to implement stronger cybersecurity practices to combat the rise in cyber and ransomware attacks. In doing so, the state becomes only one of three states, the others being Ohio and Utah, to adopt an incentive-based approach for businesses to improve cybersecurity best practices. The new law, which will become effective on October 1, 2021, gives statutory protection from punitive damages claims brought under Connecticut law in Connecticut state court to those companies who enact reasonable cybersecurity controls. This includes the adoption of a formal written cybersecurity program that contains “administrative, technical and physical safeguards for the protection of personal or restricted information.” The program must also conform to certain cybersecurity standards set forth in the statute, including those established by the National Institute of Standards and Technology (NIST) and the Payment Card Industry (PCI) Security Standards Council, as well as any applicable regulations relevant to the business (e.g., HIPAA or FISMA). Connecticut businesses which do not have strong cybersecurity protocols in place should strongly consider complying with the new law to avoid potential punitive damages exposure from future cyber losses.
Thanks to Andrew Gibbs for his contribution to this post. Please email Georgia Coats with any questions.
Read More2nd Circuit Clarifies Article III Standing Based on “Increased Risk” of Identity Theft (NY)
Earlier this week, the Second Circuit issued a significant ruling with respect to the unauthorized disclosure of sensitive personal identifiable information (“PII”). Federal circuits have been split with respect to whether an increased risk of identity theft following a data breach, without proof of actual harm, is sufficient to confer Article III standing. The decision in McMorris v. Lopez & Assoc., officially clarifies the issue for the Second Circuit.
Plaintiff-appellant Devonne McMorris commenced a class action lawsuit against defendant-appellees Carlos Lopez & Associates, LLC (“CLA”) in response to an email that a CLA employee inadvertently sent to all of CLA’s employees. This email contained the sensitive PII – i.e., Social Security numbers, home addresses, dates of birth, phone numbers, dates of hire and educational degrees – of about 130 former and current CLA workers, including McMorris. After discovering the breach, CLA emailed its current employees, but did not contact any former employees regarding the inadvertent disclosure or take any other corrective action.
Plaintiffs asserted state law claims of negligence, negligence per se, as well as statutory consumer protection violations on behalf of classes in California, Florida, Texas, Maine, New Jersey and New York. The plaintiffs also claimed CLA “breached its duty to protect and safeguard [their] personal information and to take reasonable steps to contain the damage caused where such information was compromised.” Due to the PII disclosure, plaintiffs asserted they faced an imminent risk of identify theft and becoming victims of “unknown but certainly impending future crimes.” In response to the complaint, CLA moved to dismiss for, inter alia, lack of Article III standing. The United States District Court for the Southern District of New York agreed with CLA and dismissed McMorris’ claims for lack of subject-matter jurisdiction as McMorris failed to allege an injury-in-fact sufficient to confer Article III standing.
McMorris appealed to the 2nd Circuit, asserting that the increased risk of identity theft confers Article III standing. The Second Circuit focused on whether the plaintiffs sufficiently alleged concrete, particularized, and actual or imminent injury. The Court considered three non-exhaustive factors: (1) whether the data at issue was comprised as a result of a targeted attack intended to obtain the plaintiffs’ data; (2) whether the plaintiffs could show some misuse of their compromised data, even if the plaintiffs have not yet experienced theft or fraud; and (3) whether the type of disclosed data subjects plaintiffs to a perpetual risk of identity theft or fraud.
While the Second Circuit recognized the information CLA divulged renders plaintiffs more exposed to future identity theft or fraud, plaintiffs failed to establish “imminent injury.” In addition, the Second Circuit determined the plaintiffs had no standing because they failed to show their PII was subject to a targeted data breach, or that any entity misused their PII.
This decision is significant. Although the Court agreed with the district court’s holding that McMorris failed to establish an injury in fact, the Court held that Article III injury in fact standing only requires proof of a substantial risk of future identity theft or fraud. A substantial risk may be sufficient to establish Article III standing, even if the plaintiff has not been a victim of identity theft or fraud. The 2nd Circuit’s thorough decision gives insight to future litigants regarding the required legal standard in this jurisdiction.
Thanks to Lauren Berenbaum for her contribution to this post. Please email Brian Gibbons with any questions about the ruling, or WCM’s data privacy and cyber-liability practice.
Read MoreDiscoverability of Litigation Funding Information (NY)
Coronado v. Veolia N. Am. Inc., No. 450319/2019 (NY Cty. Sup. Ct. Apr. 5, 2021) is a personal injury case, wherein Plaintiff alleges she was entering an Access-A-Ride when another vehicle collided with it, thereby causing her to fall and sustain injuries. Plaintiff brought suit against the driver of the colliding vehicle and other parties.
The motion before the court involved a discovery dispute, primarily whether Plaintiff was required to respond to Defendant’s demand for disclosure of certain lien/loan information. Defendant moved to strike the complaint, or alternatively, an order precluding Plaintiff from offering such evidence at trial or compelling discovery responses. Defendant’s position was that all defendants are entitled to know the identity of all entities that have or intend to assert a medical lien on any recovery by Plaintiff, and that to the extent any medical provider’s services to Plaintiff are subject to a loan whose collection is contingent on success of the instant action, defendants should be allowed to discover such liens or loans for the purposes of challenging the medical provider’s credibility as to causation and the reasonableness of claimed medical expenses. In opposition, Plaintiff argued that such litigation funding information is not discoverable, pursuant to the jurisprudence of New York trial courts that have addressed this issue. Notably, however, the Appellate Division has yet to rule on either the discoverability or admissibility of such information.
CPLR §3101(a) provides that there shall be “full disclosure of all matter material and necessary in the prosecution or defense of an action.” Notwithstanding the broad disclosure rule, however, trial courts have “wide discretion” in determining what is “material and necessary.” Here, the Coronado court agreed with trial court precedence and concluded the litigation funding in question was not the subject of Plaintiff’s damages claim, was not a collateral source pursuant to CPLR § 4545, and thus was not material or necessary to the defense of the action. Thus, the Coronado defendants were not entitled to the discovery of the subject litigation funding information, including such information being provided by Plaintiff’s treating physicians.
The main takeaways from Coronado are twofold: (1) trial courts retain broad discretion in resolving discovery disputes and the scope of discoverable information, pursuant to CPLR § 3101(a); and (2) until the Appellate Division addresses the admissibility and discoverability of litigation funding information, the trend in New York County trial courts is that such information is not material and necessary to a party’s defense – and thus, undiscoverable. Should this issue arise, and you believe certain litigation funding information is material and necessary to your client’s defense, it may be wise to advise the client that a discovery motion may be unsuccessful and appellate review will ultimately follow.
Thanks to John Amato for his contribution to this post. If you have any questions or comments, please contact Colleen Hayes.
Read MorePennsylvania Supreme Court Upends Consumer Protection Laws, Now Sharply Favoring Plaintiffs (PA)
The Pennsylvania Supreme Court recently overturned decades of established law in the consumer protection area, resulting in increased exposure to defendants in consumer transactions. The 4-3 decision in Gregg v. Ameriprise Financial, Inc. overturned decades of precedent which formerly required a plaintiff to show the state of mind of the actor with respect to a false or misleading representation. Specifically, the Pennsylvania Supreme Court authoritatively opined upon Pennsylvania’s Unfair Trade Practices and Consumer Protection Law (“CPL”). The CPL is a “valuable” claim as it allows for treble damages as well as attorneys fees.
At issue here is the “catch-all” provision, 73 P.S. § 201-2(4)(xxi). This section, prohibits anyone who advertises, sells, or distributes good or services from “[e]ngaging in any . . . fraudulent or deceptive conduct which creates a likelihood of confusion or misunderstanding” during a transaction. Prior to this decision, Pennsylvania required a showing of common law fraud or proof of the actor’s state of mind (e.g., an intent to deceive). See, e.g., Hammer v. Nikol, 659 A.2d 617, 619 (Pa. Cmwlth. 1995) (“To be actionable under the catchall provision, however, the ‘confusion or misunderstanding’ created must be fraudulent.”). Pennsylvania no longer requires any showing of duplicitous intent and instead has made a violation of the CPL a strict liability statute. The Pennsylvania Supreme Court approvingly cited the intermediate appellate court indicating that strict liability was the appropriate standard for CPL cases:
“[A]ny deceptive conduct, ‘which creates a likelihood of confusion or of misunderstanding,’ is actionable under 73 P.S. § 201-2(4)(xxi), whether committed intentionally (as in a fraudulent misrepresentation), carelessly (as in a negligent misrepresentation), or with the utmost care (as in strict liability). Whether a vendor’s ‘conduct has the tendency or capacity to deceive . . . is a lesser, more relaxed standard than that for fraud or negligent misrepresentation.’ TAP, 36 A.3d at 1253. The only thing more relaxed than negligence––regarding a consumer’s burden of proof––is strict liability.” Gregg, 195 A.3d at 939.
The Gregg Court further stated that “strict liability for such violations is consistent with the legislative mandate to eradicate the use of unfair and deceptive conduct.” To emphasize the increased liability and exposure, in Gregg, the jury returned a defense verdict on the fraud, misrepresentation and negligent misrepresentation claims, but the Judge ruled in favor of the plaintiff on the CPL claim, despite the fact the jury determined that no intent to deceive or confuse was present in the commercial transaction.
Defendants and their insurers should be aware of this new case law and be prepared to defend the CPL under a strict liability regime.
Thanks to Matt Care for his contribution to this post. If you have any questions or comments, please contact Colleen Hayes.
Read MoreNew Jersey Opens Door to Treble Damages in Products Claims (NJ)
New Jersey’s Supreme Court troublingly opened the door to avaricious plaintiffs, potentially allowing plaintiffs to simultaneously allege product liability actions and actions under the Consumer Fraud Act. The Consumer Fraud Act allows for the potential of treble damages, attorneys fees, and costs to successful plaintiffs. Until recently, the Product Liability Act, which governs the strict product liability regime in New Jersey, subsumed almost every cause of action into a products claim, if the thrust of the claim was that of a defective product or warning.
In Sun Chemical Corp. v. Fike Corp., 243 N.J. 319 (2020), a fire occurred that resulted in property damage and bodily injury. Relevant here, Sun had purchased a fire suppression system, and alleged that the fire suppression system manufacturer materially misrepresented that the “(1) the Suppression System would prevent explosions; (2) the Suppression System would have an audible alarm; (3) the Suppression System complied with industry standards; and (4) the System had never failed.” The Consumer Fraud Act broadly prohibits deceptive or misleading conduct or practices, including in the sale of goods. Typically, the CFA prohibits material misrepresentations or omissions. However, as relevant here, the CFA typically “punishes” express or affirmative misrepresentations more so than omissions or unintended deceptive conduct. Sun alleged affirmative and express material misrepresentations under the CFA.
The New Jersey Supreme Court declared that the more serious “sins” of material affirmative and express material misrepresentations under the CFA were not subsumed under the PLA. Therefore, plaintiffs can now allege simultaneous product liability cases and violations of the CFA.
Accordingly, we expect plaintiffs to allege CFA claims pursuant to written or verbal warranties, warnings, and representations, in order to obtain leverage with respect to the treble damages and attorneys fees under the CFA going forward.
Thanks to Matt Care for his contribution to this post. If you have any questions or comments, please contact Colleen Hayes.
Read More