Privacy Class Action Defense


From autodialing, texting, voicemail drops, faxing, and call recording, to biometrics, data breaches, and data collection and sharing, class actions are on the rise in any industry that interfaces with consumers and collects and handles consumer data. Heightened concern regarding compliance and liability in consumer data handling and communications has led to an increased demand for experienced defense attorneys with a proven track record of swift resolution and across-the-board victories on complex and novel issues in an ever-changing legal landscape.

To this end, Blank Rome maintains a dedicated privacy class action defense team comprising a deep bench of experienced litigators and privacy attorneys. We are frequently retained to litigate high exposure, “bet-the-company” class action litigation and have a track record of achieving superior results for our clients in even the most demanding cases.

Led by a seasoned privacy litigator with well over a decade of experience in the field, our privacy class action defense attorneys achieve results through novel strategies uniquely tailored to each case and client. We focus on early negotiation and dismissal, summary judgment (without class discovery), defeating class certification at the earliest practicable time, and leveraging favorable settlements that make business sense and ward off future claims. We also work with our clients to structure business practices that reduce risk without affecting the bottom line.

Winning in and out of court is our fundamental priority. With 13 U.S.-based offices, we defend clients in state and federal courts across the nation against claims alleging violations of federal and state statutory and common law consumer privacy, communications, and other related laws such as negligence and fraud. Our interdisciplinary approach—combined with our regulatory knowledge and strong relationships with the Federal Communications Commission, the Federal Trade Commission, class action administrators, plaintiffs’ counsel, and the courts—has led to national recognition of the comprehensive service we provide to our clients.

How We Can Help

Consumer Protection Claims

Privacy class actions arising under consumer protection laws have been one of the hottest areas of class litigation. In the last decade alone, consumer protection privacy class actions have nearly tripled.

Our privacy class action defense team has decades of experience defending a wide assortment of consumer-facing businesses in multi-district, nationwide state and federal lawsuits alleging violation of various consumer protection laws such as:

  • Telephone Consumer Protection Act (“TCPA”)
  • Fair Credit Reporting Act (“FCRA”)
  • Fair and Accurate Credit Transactions Act (“FACTA”)
  • Electronic Funds Transfer Act (“EFTA”)
  • Stored Communications Act (“SCA”)
  • California’s Invasion of Privacy Act (“CIPA”)
  • Video Privacy Protection Act (“VPPA”)
  • California Song-Beverly Credit Card Act (“Song-Beverly”)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”) 

Data Privacy & Cybersecurity

Consumer data has become the world’s most valuable resource. It is now commonly referred to as the “new oil”—providing tremendous benefits to companies of all shapes and sizes. Data is a central tool and powers many of the businesses that drive the world economy. At the same time, companies utilizing consumer data in their business operations have become a prime target for class action lawsuits.

Blank Rome’s privacy class action team is skilled in representing and defending companies that handle data in ever-increasing data privacy and cyber-related class actions. This includes suits stemming from alleged improper use/disclosure of personal data, as well as litigation that inevitably follows a data breach. In addition, our team also has experience in litigating class actions brought under industry-specific laws that include a data privacy or data security component. A representative list of such laws includes:

  • Illinois Biometric Information Privacy Act (“BIPA”)
  • California Consumer Privacy Act (“CCPA”)
  • Other state-specific data breach statutes
  • Health Insurance Portability and Accountability Act (“HIPAA”)
CCPA Class Action Defense

The California Consumer Privacy Act of 2018 (“CCPA”) is a first-of-its kind law, giving consumers a broad range of rights over how their personal data is collected, used, and sold by business entities. The CCPA also provides consumers with the ability to pursue class action litigation where their personal data has been compromised because of a data breach event. If successful, a consumer can recover between $100 and $750/per incident in statutory or actual damages, whichever is greater. While this damages figure may seem small at first blush, a class of just 5,000 consumers would subject a business to an attendant $3.25 million in potential exposure.

Working closely with our privacy and cybersecurity team—which has substantial experience counseling and advising clients on CCPA compliance matters—Blank Rome has formed and developed a dedicated CCPA class action defense team to assist clients in defending against and defeating CCPA class actions. Combining our extensive class action litigation experience and our privacy attorneys’ deep subject matter knowledge (in setting up compliance programs as well as publishing extensively in the space), we are well-positioned to assist clients with developing creative, effective strategies to successfully defend and defeat CCPA class claims.

Biometric Privacy Class Action Defense

The last few years have seen significant developments in biometric privacy, the most notable being Illinois’ highest court ruling that plaintiffs can pursue Illinois Biometric Information Privacy Act (“BIPA”) claims even in the absence of any actual harm. This ruling has exposed companies to significant potential liability for technical failures to fully comply with BIPA, as prevailing parties are entitled to $1,000 per negligent violation, and $5,000 per willful violation (or actual damages, whichever is greater) as well as attorney’s fees. And because BIPA applies to any company using, collecting, or storing biometric information in Illinois—or that has customers who access the company’s goods/services in Illinois—the impact has been felt nationwide. At the same time, legislators outside Illinois are becoming more aggressive in enacting their own biometric privacy laws to place similar requirements and limitations on the collection and use of biometric data.

To support the rapidly evolving needs of our clients, Blank Rome has developed a robust biometric privacy class action defense team whose attorneys serve as counsel in the defense of high-stakes biometric data class litigation. In addition to our litigation experience, the members of our biometric privacy class action defense team are also thought leaders in this space—having extensively published and presented on litigation strategy, compliance, and emerging legal trends involving BIPA, as well as similar state biometric laws around the country.

Industry Experience

Our clients represent every regulated industry subject to data/consumer privacy regulation, including:

  • Manufacturing and retail
  • Software and cloud services
  • E-Commerce
  • Banking and financial institutions
  • Sports and online gambling
  • Security, cable, and media companies
  • Entertainment and media
  • Healthcare
  • Residential and commercial real estate
  • Automobile
  • Food and beverage


Our attorneys also possess unique perspective and have partnered with clients to structure marketing campaigns and communications practices to achieve their business objectives in a statutorily-compliant manner. We work through the details, right alongside our clients, in developing marketing strategies and campaigns; drafting and revising training manuals, online privacy notices and terms and conditions, vendor contracts and purchase agreements; and spotting issues and framing practical business solutions. We know how to structure compliance programs that make good business sense.


Distinguished Track Record of Success

  • Obtained complete dismissal of a putative nationwide TCPA class action filed in the Eastern District of New York for our healthcare client involving allegations that consumers received a single unsolicited text message sent without prior express permission, which was later affirmed by the Second Circuit Court of Appeals.
  • Obtained complete, pre-discovery dismissal of a putative nationwide TCPA class action for a healthcare publishing client involving allegations that they sent a single fax in violation of the TCPA. Although the Fourth Circuit Court of Appeals vacated and remanded the district court’s opinion, we successfully petitioned the U.S. Supreme Court to grant certiorari (Case No. 17-1705). On June 20, 2019, the U.S. Supreme Court voted to unanimously (9-0) vacate and remand the Fourth Circuit’s opinion back to the appellate court where the case is currently pending.
  • Currently representing national food producer in putative BIPA class action involving allegations of the improper collection, use and storage of employees’ fingerprints in connection with use of a biometric timeclock.
  • Currently representing the largest group of hospital facilities in Central California in the first insurance coverage lawsuit of its kind filed in the United States involving a dispute over coverage under a data-breach-specific insurance for one of California’s largest data breaches to date, which resulted in multimillion-dollar exposure for the client.
  • Secured multiple favorable settlements in class actions involving the invasion of consumer privacy rights and statutory violations for the recording of telephone calls.
  • Secured pre-discovery dismissal of putative nationwide TCPA class action against a national restaurant chain on the ground that the third-party system used to send text messages was not an automatic telephone dialing system.

News & Views

See all News and Views