Data breaches, biometric privacy, and digital tracking claims.
Privacy and data breach lawsuits arise where personal information has been exposed, collected without consent, or used in violation of privacy laws — including breaches of customer databases, biometric data collection, web tracking pixels, and unauthorized recordings.
Data breach claims.
Data breaches occur when personal information — names, addresses, Social Security numbers, payment data, health records — is accessed by unauthorized parties. Resulting lawsuits often allege negligence in cybersecurity practices, breach of contract, or violations of state breach notification laws.
Plaintiffs may seek damages for identity theft risk, credit monitoring costs, time spent responding to the breach, and emotional distress. Many data breach cases proceed as class actions because a single breach can affect thousands or millions of people in similar ways.
Biometric privacy and tracking technologies.
Some states have specific biometric privacy laws — most notably Illinois's Biometric Information Privacy Act (BIPA) — that regulate the collection, storage, and disclosure of fingerprints, facial geometry, voiceprints, and other biometric identifiers. Violations can carry significant statutory damages.
Other privacy claims involve session replay tools, tracking pixels, chat features, video and recording technologies, and analytics services that allegedly collect data without proper disclosure or consent. Some of these claims are brought under state wiretap statutes or state video privacy laws.
State privacy laws and consumer rights.
State privacy laws — including the California Consumer Privacy Act (CCPA/CPRA) and comparable laws in Virginia, Colorado, Connecticut, Utah, and other states — give consumers rights to access, delete, and limit the sale of their personal information. They also impose obligations on businesses that collect or process consumer data.
Some of these laws include private rights of action for specific violations (such as data breaches involving unencrypted information); others can only be enforced by a state regulator. The legal landscape continues to evolve as more states pass privacy legislation.