On April 13, a federal court ruled that theft of credit card information, even prior to misuse of that data, could permit a plaintiff to pursue claims based on a 2016 data breach at certain Kimpton hotel properties.  In Walters v. Kimpton Hotel & Restaurant Group, the court denied in part Kimpton’s motion to dismiss and rejected Kimpton’s position that actual injury, for standing purposes, requires unauthorized charges or other misuse of payment data.  Based on the allegations, the court found it plausible that, given the dates the plaintiff stayed at an affected hotel, the plaintiff’s payment card information “was taken in a manner that suggests it will be misused.”  It was not necessary, the court concluded, that the plaintiff wait until actual misuse occurred before seeking relief for both the theft and the time and effort spent monitoring his credit and mitigating potential misuse.  The court further ruled that the plaintiff alleged out-of-pocket expenses and other actual damages sufficient to support his claims for implied breach of contract, negligence, and violation of California’s Unfair Competition Law.

The court also found that Kimpton’s privacy policy provided a plausible basis for the existence of an implied contract between Kimpton and its patrons.  Specifically, the court noted that Kimpton’s privacy policy stated that “Kimpton is ‘committed’ to safeguarding customer privacy and personal information,” and that this commitment may create an enforceable promise.

Tags: california, Class Action, Data Breach, Payment Card, Privacy Policy
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kate Growley Kate Growley

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations…

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Read more about Kate Growley
Show more Show less
Related Posts
AI-Powered Chatbots:  Mythical Super Creature or Legal Trojan Horse
June 6, 2023
SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud
November 8, 2018
FERC Proposes to Require Expanded Cyber Security Incident Reporting
January 17, 2018