ZeroPoint Risk Research, LLC

John Graham, an assistant vice president and senior technology specialist with the Chubb Group of Insurance Companies, is one of a series of guest posters on the ZeroPoint blog.


We’ve all seen the news reports about the latest data breach and the ensuing class action litigation. But a new trend is emerging. There are a growing number of class action lawsuits for violation of privacy due to how businesses use or collect data.

These class action lawsuits include allegations such as failure to abide by promises made in a privacy statement, failure to honor a consumer’s choice about data usage/collection or failure to provide enough clarity around a company’s data practices.

I like to think that we can all learn from others’ mistakes. Here are a few areas that may have tripped up some companies in the recent past, making them a potential class action target:

1)    First adopters of the newest web marketing technology.

Web commerce is fertile ground for developing new ways of tracking and acquiring customers, and new methods to do so have emerged at a fast pace. When you’re on the cutting edge of a new marketing method, the rewards can be high but the risk can be high as well. Often the legal and privacy consequences are not fully imagined nor adequately anticipated.

2)    Reliance upon third party developers without adequate oversight.

In the past year, much has been written about how some Web marketing providers were using “persistent cookies” or “flash cookies” in the software code they gave to their customers. These are cookies that “come back to life” after the consumer has deleted them. In many cases, some large corporations that hired these marketing providers were not even aware that these types of cookies were being used on their own websites, violating their privacy policies.

 3)    Data collection or usage practices that invite scrutiny & publicity because they seem unusual.

This is related to the two points mentioned above. Whether it’s a newspaper story or a complaint that gains the attention of the FTC or a member of Congress, any type of adverse publicity about data practices can potentially invite litigation when it appears to violate someone’s privacy.

It behooves businesses to tread carefully in the area of privacy. When in doubt, seek the advice of an expert, such as your attorney or a risk management professional.

One Response to “Don’t Become Another Privacy Class Action Statistic”

  1. Ellen


    I think you did a fine job of identifying and analyzing the trending in Privacy class action suits. I think one solution of many would be a complete risk assessment of new products before they are rolled out to customers and/or employees. This way the possible risks are raised in advance and mitigated through contracting liability, amending the Privacy Policy or actual tweaks to the product by the developer.

    Thanks for this interesting piece to consider.

Leave a Reply

Proudly powered by WordPress. Theme developed with WordPress Theme Generator.
Copyright © ZeroPoint Risk Research, LLC. All rights reserved.