Archive for June, 2008

Hannaford Suits Centralized in Federal District Court in Maine

Wednesday, June 25th, 2008

As of early June, at least 24 civil cases had been filed against Hannaford, in states as diverse as Florida, Pennsylvania and Maine. On June 9th the Judicial Panel on Multidistrict Litigation “centralized” these cases (and any that might be filed later) in the Federal District Court for the District of Maine. In theory, this will simplify pre-trial proceedings: discovery will take place under the oversight of one judge, and will be consolidated to avoid duplication. The cases will then be sent back to their courts of origin for trial, at least in theory. In practice, it rarely works out that way, and the “pretrial” court ends up resolving the case, either through settlements, summary judgment rulings, or rulings on class certification.

Following on the heels of last year’s settlements in the TJX litigation, this is the case to watch as this area of law evolves. Hannaford is the second “mega” security breach in the United States (there have been hundreds of relatively minor breaches), and we can expect substantial legal and judicial resources to go into this litigation.

The Hannaford breach was announced on Monday, March 17, 2008, but at least a couple of law firms let no grass grow under their feet. The first lawsuit was filed in Maine two days later. A copy of the complaint is below.

Doherty v HannafordUpload a Document to Scribd
Read this document on Scribd: Doherty v Hannaford

Posted in News | No Comments »

Welcome to DataSecurityLegal.org

Tuesday, June 24th, 2008
Today, it is the rare business that does not keep private and personal information of some sort about others. Companies are regularly entrusted with maintaining the confidentiality of customers’ banking and credit account information, employees’ social security numbers, patients’ health information, and myriad other categories of personal data. Often, that information is stored electronically. Frequently, it resides on equipment connected to the Internet.When sensitive personal data is lost or exposed, an immediate response is required. Deciding what to do next can be daunting. There is no unified federal law covering this issue; individual states are left to address it themselves. To date, 39 states, the District of Columbia and Puerto Rico each have their own statute specifically imposing obligations on organizations that have suffered a data security breach. And each one is different. Since most breaches involve data from multiple jurisdictions, numerous inconsistent laws are often at issue. In addition, a data security breach also presents unique technical and public relations challenges.This site is intended as a resource for businesses and the people who represent them, to give them insight into this complex and developing area. The site is sponsored by Gesmer Updegrove LLP, a law firm that has represented clients on intellectual property, privacy and technology matters since before the birth of the Internet. It has advised clients who have suffered data security breaches, and counseled others about preventing them. Among the firm’s clients is the Payment Card Industry (PCI) Security Standards Council, the organization responsible for establishing data security standards for the credit card industry.

We hope to provide you with a lawyer’s-eye-view of data security, but this web site should not be confused with legal advice. Particuarly in an area as complex and evolving as this, you should consult with a qualified legal professional before making any decisions about minimizing risk and exposure before a breach, or addressing legal responsibilities and liability afterwards. Should you wish to reach an attorney at Gesmer Updegrove LLP for assistance, you can find contact information here.

Tags: , ,
Posted in News | No Comments »