Skip Repeated Content

In just a few decades, the collection and sharing of consumer data has become an integral part of most businesses’ day–to-day operations, not simply those of technology companies. Established and emerging businesses rely on data collection and analysis to reach new customers, grow their existing customer base, and drive internal performance. Harnessing consumer data to drive innovation offers tremendous opportunity, but also entails significant risk. We invest in understanding our client’s business and the latest trends in data acquisition and utilization as we recognize the litigation risk that arises out of a rapidly changing legal landscape, as well as the data security threats from outside actors.

BCLP’s Data Privacy, TCPA & FCRA Litigation Team focuses on the ever-increasing litigation risk relating to data privacy and security, and works closely with BCLP’s global Data Privacy & Security Team to help companies mitigate their risk and limit their financial exposure We defend clients in all industries, including health care, financial services, retail, education, technology and information services, against data breach and consumer privacy class actions under state and federal law, as well as novel claims under biometric data collection laws, including Illinois’ Biometric Information Privacy Act (BIPA).

We also routinely litigate persistent legal issues involving the use of both traditional technologies, such as telephones and fax machines, and computer/internet technology, for credit reporting, marketing and debt collection under various state and federal statutes. We defend our clients against claims brought under the Telephone Consumer Protection Act (TCPA), Fair Credit Reporting Act (FCRA), CAN-SPAM Act, FTC Telemarketing Sales Rule, Fair Debt Collection Practices Act (FDCPA), and state-level “Do Not Call” and debt collection statutes.

Data privacy litigation is a constantly evolving landscape. We help our clients stay up to date on the latest statutory and regulatory requirements, advise clients regarding leading risk mitigation strategies from cyber-insurance to litigation finance, and monitor federal and state-level customer complaints for clients. This allows us to identify issues and potential exposure at the earliest possible stage. For example, we have a dedicated FCRA team that is deeply invested in understanding the industry, and as a result, we help our clients learn from litigation to improve their business process. We also have relationships with leading cyber-insurance brokers and litigation finance firms to help clients prepare for the inevitable and reduce litigation exposure.

Representative Experience

Data Privacy/Consumer Privacy

  • Defended putative class action lawsuit in Missouri alleging class members were injured after their personally identifiable information was purportedly exposed as part of a data security breach.
  • Defended putative class action alleging violations of the California Consumer Privacy Act (CCPA), the California Constitutional Right of Privacy and Unfair Competition Law in the collection of data concerning retail product returns.
  • Defended putative class action in the courts of North Carolina and Wisconsin alleging violations of state unfair practices laws and common law in connection with data breach resulting from criminal hacking of payment card data.
  • Defended putative class action alleging violations of the California Medical Information Act, the Unfair Competition Law and the data breach notification law in connection with ransomware attack on data hosting provider.
  • Defended putative class action in California alleging improper collection of consumer data by use of product registration form in violation of Song-Beverly Consumer Warranty Act, Consumer Legal Remedies Act and Unfair Competition Law.
  • Defended putative class action lawsuit alleging improper collection and use of personal information in violation of privacy policy, held in Circuit Court, Pope County, Arkansas, and removed to U.S. District Court.
  • Obtained settlement prior to class certification of a complaint in San Francisco Superior Court against an American chain of luxury department stores alleging violation of the Song-Beverly Credit Card Act, a California statute prohibiting the collection of personal information in connection with credit card transactions.
  • Obtained order denying motion for class certification and settled individual action related to a complaint in California alleging improper disclosure of PII in violation of the Fair and Accurate Transactions Act.
  • Obtained dismissal of a class action lawsuit complaint in San Francisco Superior Court alleging violations of California Civil Code sect. 1747.08, Invasion of Privacy and Unlawful Intrusion related to personal information collected by cashiers at point of sale.
  • Defended class action involving claims for violation of a California statute prohibiting merchants from requesting personal identification information in connection with credit card transactions. Settled on terms advantageous to the client.
  • Defended class action complaint in California alleging violation of statute prohibiting the collection of personal information in connection with credit card transactions. Settled prior to class certification.
  • Defended retailer against class action in California alleging improper collection of PII at point of sale. Settled on terms favorable to client.
  • Defended class action in Oklahoma alleging that an American tax preparation company improperly disclosed plaintiff’s Social Security number, thereby breaching the privacy policy stating that it protects personal information. Dismissed for lack of personal jurisdiction.
  • Defended a statewide putative class of several million individuals based on alleged violations of the federal Driver’s Privacy Protection Act, held in Florida. Obtained dismissal for client and case proceeded against remaining defendants.

Telephone Consumer Protection Act (TCPA)

  • Represented an American media conglomerate as defendant in a class action lawsuit alleging breach of contract, violations of the TCPA and violations of Illinois Prizes and Gift Act related to prize text message marketing practices.
  • Represented a health care apparel retailer in a class action lawsuit alleging violations of the TCPA and the Illinois Consumer Fraud Act related to unsolicited advertisements sent via telephone facsimile machines.
  • Defended internet media client in class action in California alleging that SMS messages violated the TCPA.
  • Defended multiple clients in different industries in TPCA class actions in Illinois alleging that unsolicited advertisements were sent via facsimile.
  • Represented publishing company defendant in class action in Missouri alleging defendant violated TCPA relative to advertising of goods or services offered.
  • Represented client in challenge in Illinois to SMS messages regarding gift cards.
  • Defended client in Missouri against class action alleging fax messages violated the TCPA.
  • Defended retailer in Missouri against claims that pre-recorded calls violated the TCPA.
  • Defended client in Florida against putative class action alleging that calls to debtor references violated the TCPA.

Fair Credit Reporting Act (FCRA)

  • Represented one of the largest mortgage servicers in the United States as defendant in connection with a class action lawsuit alleging FCRA violations, unlawful trespass and violations of the Kansas Consumer Protection Act.
  • Defended client in a Maryland class action litigation alleging FCRA violations.
  • Obtained dismissal of a class action lawsuit on behalf of a leading non-bank mortgage servicing company and its subsidiaries in claims for violation of the Fair Credit Reporting Act, as well as California’s Consumer Credit Reporting Agencies Act and Unfair Competition Law.

Biometric and Facial Recognition (BIPA)

  • Defended multiple clients against class actions alleging that they required employees and contractors to provide fingerprints for clocking in and out of work without obtaining a written release or providing required notice as to how their data is stored or destroyed, in violation of Illinois Biometric Information Privacy Act.
  • Defended client against class action in California alleging that defendant required employees and contractors to provide fingerprints for clocking in and out of work without obtaining a written release or providing required notice as to how their data is stored or destroyed, in violation of Illinois Biometric Information Privacy Act.