Skip to main content

Data & Privacy Litigation and Investigations

  • Represented a large automotive group in Massachusetts concerning an extortionate threat made by a former employee who had access to confidential customer information. We conducted an investigation in this cyber/privacy case regarding the client’s duty to disclose (or not disclose). After determining that no disclosure was required, the case resolved with a satisfactory result for our client.
  • Represented a leading food retailing group in connection with access to customers' credit card information from stores in Rhode Island. We worked with the FBI and Secret Service and handled regulatory notifications and customer interactions. We successfully avoided regulatory enforcement and litigation.
  • Represented a major American newspaper in the loss of hundreds of thousands of subscriber's personal information. We negotiated a multi-state and FTC resolution with no enforcement action and assisted in setting up call centers and preparing breach notices related to subscriber personal information. We avoided any state or federal regulatory and enforcement action against our client.
  • Represented a hospital in connection with a data breach involving loss of medical and financial records of approximately 850,000 patients, employees, doctors and staff. Defended hospital against federal and state regulatory enforcement actions, class actions and pursuit of affirmative litigation against companies responsible for loss of the data. Interacted with multiple state attorneys general offices, the HHS Office for Civil Rights, litigation in the aftermath, and managed review and updates to the hospital's risk assessment to ensure ongoing compliance with HIPAA and HITECH.
  • Represented a Fortune 100 company in a multi-state data breach and obtained a dismissal of purported class action claims in which credit card, debit card and check information was accessed by unauthorized computer hackers.
  • Represented a mobile app developer in a suit involving California's Cellular Communications Interception Act, California's Invasion of Privacy Act, the California Constitution, and a claim for Intrusion Upon Seclusion, in which Plaintiff alleged that an app acted as a tracking device. Succeeded on a Motion to Dismiss all claims.
  • Advised a multinational financial services corporation on certain complex aspects and implications of Massachusetts' data breach statute as applied to potential unauthorized intrusions into customer accounts where no evidence protected personal data was ex-filtrated.
  • Represented an international host/provider of e-commerce websites for multiple global retail merchants in connection with credit card company and payment card industry investigations of potential data breaches involving blunt force attacks and various hacker intrusions. We managed all aspects of companies' response, forensic investigation, remediation, crisis communications and collateral consequences.
Case Study
A Mintz attorney advised the publisher of a major American newspaper regarding a data breach involving 200,000 subscribers' personal information. Mintz helped the client set up call centers, notify subscribers, and negotiate a multistate and Federal Trade Commission resolution without enforcement actions.
Case Study
A Mintz attorney assisted a Fortune 500 company with a multistate investigation of a data breach involving credit, debit card, and check information. The client avoided government enforcement action and obtained complete dismissal of a class action. Mintz counseled the company on risk management and response.
Case Study
Mintz defended a major Massachusetts hospital against federal and state regulatory enforcement actions and class actions following a breach that affected 800,000 people. Mintz also litigated against companies responsible for the loss of data and managed risk assessments under HIPAA and HITECH.
Case Study
When data belonging to one of the client's large customers was exposed, Mintz helped the client develop a timely response and limit its exposure. The firm's Certified Privacy Professionals have helped companies manage data security incidents for over 15 years.