Recent class action lawsuits against MAPCO Express, a convenience store chain, and Schnuck Markets, Inc., a St. Louis-based grocery store chain, illustrate a growing trend in lawsuits against retailers for failure to adequately protect consumer credit card information. In the case of MAPCO Express, according to a press release issued by the company on May 6, 2013, hackers used malware to access its payment card processing systems throughout periods in March and April, 2013. All 377 of the MAPCO Express convenience stores are said to have possibly been affected. Three class action suits were commenced in the wake of the security breach, alleging millions in damages. Schnuck Markets is also in litigation as a result of its network being attached by a computer code designed to secure payment card details. These lawsuits were brought on behalf of consumers but it is expected that banks may soon join the mix as well to recover the substantial costs in remedying fraudulent transactions for their customers. Banks feel retailers are not doing enough to protect cardholder information, according to one recent blog post found on BankSecurityInfo.com. (http://www.bankinfosecurity.com/interviews/more-litigation-against-retailers-expected-i-2009 ).
The industry standard for data security appears to be the Payment Card Industry Data Security Standard (“PCI”) set forth by the Security Standards Council. According to the Security Standards Council’s website, the PCI provides a framework for creating a data security process to prevent and detect incidents. In order to participate in the PCI program, the Security Standards Council requires a fee of $3,500, which gets you the minimum participation. The fees only increase from there, quickly totaling in the tens of thousands for added certifications and encryption programs.
For more information about the PCI and the Security Standards Council go tohttp://www.pcisecuritystandards.org.
For information regarding the MAPCO Express or Schnuck’s Market lawsuits, visit:
Perez & Morris welcomes Julian Heinrich to its Columbus office. Julian comes to P&M with extensive experience relating to leases, contracts, shopping center law, landlord-tenant law, and real estate among other things. See Julian’s full bio under the “attorneys” tab.
In a case against JCPenney pending in federal District Court in Pennsylvania, the court ruled that retailer telephone systems that have the ability to automatically dial and send text messages violate the Telephone Consumer Protection Act (the “Act”). The Act prohibits the use of telephone systems that use automated dialers to randomly dial telephone numbers, except for emergency purposes. U.S. District Judge Irma E. Gonzalez opining that the Act states an automatic telephone dialing system “need not actually store, produce or call randomly or sequentially generated telephone numbers. It need only have the capacity to do it.” This decision stands to expose retailers to potential liability if their telephone equipment has thecapacity to randomly or sequentially dial telephone numbers, regardless of whether such a feature is actually used. In this case, the customer actually gave her cell phone number to JCPenney and agreed to be contacted by JCPenney at that number. Still, the court allowed the case to survive JCPenney’s motion to dismiss based on the Act.
Other retailers like Papa Johns and WalMart has been similarly subjected to litigation surrounding their use of customer telephone numbers, however, in those cases the issue was whether the customer gave knowing consent to the use of his or her telephone number and whether that consent extended to text messages; not whether their telephone systems violated the Act.
For more information, visit:
The Massachusetts Supreme Court recently determined customer zip codes are “personal identification information” and that retailers are prohibited from collecting this information during credit card transactions. Retailers collecting customer zip codes and selling the information or using the information to send unsolicited marketing materials are particularly vulnerable. The class action lawsuit before the Massachusetts Supreme Court was against Michaels Stores, Inc. (“Michaels”). The plaintiff (and other class members) alleged Michaels used her name and zip code to find her address and telephone number and sent unsolicited marketing materials. Massachusetts law prohibits retailers from collecting any “personal identification information” in credit card transactions beyond that which is required by the credit card issuer. (See Massachusetts General Laws Ch. 93, Sec. 105(a)). The court found that the purpose of the law is to protect against invasion into consumer privacy by merchants and operates to bar retailers from collecting personal identification information, which now includes zip codes.
This decision has already led to lawsuits against Williams Sonoma and Restoration Hardware in Massachusetts. The Supreme Court of California similarly held in 2011 that retailers are barred from collecting customer zip codes in credit card transactions. For more information about California’s law visit:http://articles.latimes.com/2011/feb/11/business/la-fi-0211-privacy-20110211.
Plaintiff filed a slip and fall action against a hospital and housekeeping contractor and allegedly suffered serious injuries.
The hospital claims that plaintiff’s public Facebook page contained post-incident pictures undermining the seriousness of her injuries. Plaintiff contended the pictures were taken before the incident.
The Pennsylvania state court ordered that a “neutral expert” download and review plaintiff’s private Facebook account for a 17-day period after the alleged fall to determine whether the pictures or other evidence shed light on the seriousness of the injury. Defendants had to pay the expert.
This approach is similar to an in camera inspection that is typically employed by judges. But it is a good, balanced approach to allow discovery while protecting a party’s confidences.