Privacy Class Action Defense


From automatic dialing, text messaging, and call recording, to biometrics, data collection and sharing, consumer class actions are on the rise in any industry that interfaces with consumers and collects and handles consumer data for business purposes.

Heightened concern regarding compliance and liability in consumer data handling and communications has led to an increased demand for experienced defense attorneys with a proven track record of swift resolution and across-the-board victories on complex and novel issues in an ever-changing legal landscape.

To this end, Blank Rome maintains a dedicated Privacy Class Action Defense team comprising a deep bench of experienced litigators and privacy and marketing attorneys. We are frequently retained to litigate high-exposure, “bet-the-company” class action litigation and have a track record of achieving superior results for our clients in even the most demanding cases.

Led by several seasoned privacy litigators with well over a decade of experience in the field, our Privacy Class Action Defense team achieves results through leveraging their reputation and relationships in the field, and implementing novel strategies uniquely tailored to each case and client. We focus on early factual investigation, negotiation and dismissal, summary judgment (without class discovery), defeating class certification at the earliest practicable time, and leveraging favorable settlements that make business sense and ward off future claims. We also work with our clients to structure business practices that reduce risk without affecting the bottom line.

Winning in and out of court is our fundamental priority. With 13 U.S.-based offices, we defend clients in state and federal courts across the nation against claims alleging violations of federal and state consumer privacy, publicity, and communications laws, as well as related and ancillary claims such as false advertising and fraud. Our interdisciplinary approach—combined with our regulatory knowledge and strong relationships with various federal agencies, attorneys’ general offices, privacy consultants and experts, class action administrators, plaintiffs’ counsel, and the courts—has led to national recognition of the comprehensive service we provide to our clients.

How We Can Help

Our Privacy Class Action Defense team has decades of experience defending a wide assortment of consumer-facing businesses in multi-district, nationwide state and federal lawsuits alleging violation of various consumer protection laws such as:

  • Illinois Biometric Information Privacy Act (“BIPA”)
  • Video Privacy Protection Act (“VPPA”)
  • Telephone Consumer Protection Act (“TCPA”)
  • Florida Telephone Solicitation Act (“FTSA”)
  • California Invasion of Privacy Act (“CIPA”)
  • California Consumer Privacy Act of 2018 (“CCPA”)
  • California Confidentiality of Medical Information Act (“CMIA”)
  • Fair and Accurate Credit Transactions Act (“FACTA”)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”) 

Consumer Protection Claims

Privacy class actions arising under states’ consumer protection laws have been one of the hottest areas of class litigation. In the last decade alone, consumer protection privacy class actions have nearly tripled.

Data Privacy & Cybersecurity

Consumer data has become the world’s most valuable resource. Commonly referred to as the “new oil”—such data provides tremendous benefits to companies of all shapes and sizes. Data is a central tool and powers many of the businesses that drive the world economy. At the same time, companies utilizing consumer data in their business operations or storing sensitive information in the cloud subject to ransomware have become a prime target for class action lawsuits.

Blank Rome’s Privacy Class Action Defense team is skilled in representing and defending companies that handle data in an ever-increasing legal landscape. This includes suits stemming from alleged improper use/disclosure of personal data, as well as litigation that inevitably follows a data breach. In addition, our team also has experience in litigating class actions brought under industry-specific laws that include a data privacy or data security component. Among the industries in which we excel:

  • Retail, E-Commerce, and Consumer Goods
  • Software and Technology
  • Healthcare
  • Human Resources
  • Finance and Banking
  • Sports and Media
  • Higher Education

CCPA and Related State-Laws Class Action Defense

The CCPA is a first-of-its kind law, giving consumers a broad range of rights over how their personal data is collected, used, and sold by business entities. The CCPA also provides consumers with the ability to pursue class action litigation where their personal data has been compromised because of a data breach event. If successful, a consumer can recover between $100 and $750/per incident in statutory or actual damages, whichever is greater. While this damages figure may seem small at first blush, a class of just 5,000 consumers would subject a business to an attendant $3.25 million in potential exposure.

Working closely with our privacy and cybersecurity team—which has substantial experience counseling and advising clients on CCPA and California Privacy Rights Act of 2020 (“CPRA”) compliance matters—Blank Rome has formed and developed a dedicated CCPA/CPRA class action defense team to assist clients in defending against and defeating class actions. Combining our extensive class action litigation experience and our privacy attorneys’ deep subject matter knowledge (in setting up compliance programs, table-top exercises as well as publishing extensively in the space), we are well-positioned to assist clients with developing creative, effective strategies to successfully defend and defeat CCPA class claims.

Biometric Privacy Class Action Defense

The last few years have seen significant developments in biometric privacy, the most notable being Illinois’ highest court ruling that plaintiffs can pursue BIPA claims even in the absence of any actual harm. This ruling has exposed companies to significant potential liability for technical failures to fully comply with BIPA, as prevailing parties are entitled to $1,000 per negligent violation, and $5,000 per willful violation (or actual damages, whichever is greater) as well as attorney’s fees and expert costs. And because BIPA applies to any company using, collecting, or storing biometric information in Illinois—or that has customers who access the company’s goods/services in Illinois—the impact has been felt nationwide. At the same time, legislators outside Illinois are becoming more aggressive in enacting their own biometric privacy laws to place similar requirements and limitations on the collection and use of biometric data.

To support the rapidly evolving needs of our clients, Blank Rome has developed a robust biometric privacy class action defense team whose attorneys serve as counsel in the defense of high-stakes biometric data class litigation. In addition to litigation experience, our members are also thought leaders in this space—having extensively published and presented on litigation strategy, compliance, and emerging legal trends involving BIPA, as well as similar state biometric laws around the country.

Telemarketing Litigation

The U.S. Supreme Court’s decision in Duguid v. Facebook, which narrowly interpreted Automatic Telephone Dialing Systems (“ATDS”), fundamentally altered TCPA-related litigation. While our team has previously won on the issues of the use of an ATDS and prior express consent for clients, including retailers, restaurants, and healthcare companies, the primary focus of TCPA-related litigation has shifted to the use of prerecorded messages and artificial voice calls; ringless voicemail; and calls to phone numbers on the National Do Not Call Registry and internal do-not-call lists. As to the latter, claims rooted in a company’s alleged failure to honor “STOP” or other opt-out requests, or the failure to maintain internal do-not-call policies and training, are asserted under the TCPA’s do-not-call provisions.

Florida’s Telephone Solicitation Act (“FTSA”) has also been the subject of increased litigation in Florida state and federal courts, primarily arising out of mobile marketing and text messaging. Blank Rome has been at the forefront of FTSA litigation, utilizing our past experience with Florida’s related Telemarketing Act. Our attorneys are defending claims brought under the FTSA as they pertain to mobile marketing and related issues on behalf of gyms, schools, automotive dealerships, transportation companies, major retailers, e-commerce platforms, and others.

Our Privacy Class Action Defense team has appeared before the U.S. Supreme Court, various federal appellate and district courts, and state courts, securing favorable orders and judgments on myriad issues under these telemarketing statutes.


Distinguished Track Record of Success

  • Obtained complete dismissal of a putative nationwide TCPA class action filed in the Eastern District of New York for our healthcare client involving allegations that consumers received a single unsolicited text message sent without prior express permission, which was later affirmed by the Second Circuit Court of Appeals.
  • Obtained complete, pre-discovery dismissal of a putative nationwide TCPA class action for a healthcare publishing client involving allegations that they sent a single fax in violation of the TCPA. Although the Fourth Circuit Court of Appeals vacated and remanded the district court’s opinion, we successfully petitioned the U.S. Supreme Court to grant certiorari (Case No. 17-1705). On June 20, 2019, the U.S. Supreme Court voted to unanimously (9-0) vacate and remand the Fourth Circuit’s opinion back to the appellate court where the case is currently pending.
  • Currently representing national food producer in putative BIPA class action involving allegations of the improper collection, use and storage of employees’ fingerprints in connection with use of a biometric timeclock.
  • Currently representing the largest group of hospital facilities in Central California in the first insurance coverage lawsuit of its kind filed in the United States involving a dispute over coverage under a data-breach-specific insurance for one of California’s largest data breaches to date, which resulted in multimillion-dollar exposure for the client.
  • Secured multiple favorable settlements in class actions involving the invasion of consumer privacy rights and statutory violations for the recording of telephone calls.
  • Secured pre-discovery dismissal of putative nationwide TCPA class action against a national restaurant chain on the ground that the third-party system used to send text messages was not an automatic telephone dialing system.

News & Views

See all News and Views