Advisen defines privacy violations as unauthorized contact, typically through electronic means, such as telemarketing, SMS text messaging and email. Losses are frequently a result of violating consumer privacy laws such as the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act.
According to Advisen’s Loss Insight data, privacy violations have resulted in losses as high as $873 million.
Some notable cases include:
• Atlantis Blue Capital: Atlantis Blue Capital was sued by Facebook Inc. for allegedly transmitting more than 4 million unsolicited spam messages to Facebook users promoting numerous web sites and products, including marijuana substitutes, male enhancement pills and sexually oriented materials. Atlantis Blue Capital was ordered to pay $873,277,200 for violating the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).
• Jiffy Lube International: Jiffy Lube and the largest Jiffy Lube franchisee in America, Heartland, sent unsolicited commercial text messages (wireless spam) to the wireless telephone numbers of plaintiffs without prior express consent in violation of the Telephone Consumer Protection Act (TCPA). Jiffy Lube and Heartland agreed to settle the class action lawsuit. The terms of the settlement provided class members with certificates for good/services valued up to $46,844,780, with a cash value up to $35,133,585.
• Sallie Mae, Inc.: A class action lawsuit was filed against Sallie Mae for damages resulting from its illegal actions in negligently, knowingly and willfully contacting the Plaintiff’s cellular phones without prior express consent in violation of the Telephone Consumer Protection Act (TCPA). The plaintiff did not provide Sallie Mae with his cellular number during a transaction that resulted in debt owed to Sallie Mae. Subsequently, the plaintiff received repeated, harassing calls at all hours and often within an hour of each other. As a result of Sallie Mae’s negligent actions, the plaintiff and the Class Members settled with Sallie Mae for $24.15 million.
• Papa John’s International, Inc.: A class action lawsuit was commenced against Papa John’s for blasting customers with illegal text messages in violation of the TCPA. The plaintiff alleged that Pap John’s franchises sent customers a total of 500,000 unwanted messages in 2010. The spam texts offered deals for pizza, and some customers complained they were getting 15 or 16 texts in a row. Papa John’s agreed to create a $16,585,000 fund comprised of class members’ merchandise certificates and cash payments.
Privacy Violation Case Count over Time
This chart shows the number of privacy violation cases over time. Overall there is a clear upward trend, with the number of cases doubling since 2009.
Relative Occurrence Rate by Industry
This chart shows the relative occurrence rate of privacy violations by industry. The relative occurrence rate is derived by taking the number of cases over the number of businesses in each respective industry. The high relative volume of Public Administration events is due in part to election-related solicitations.
Source of Loss
By a wide margin, the largest source of loss is from telephonic violations (TCPA). The Telephone Consumer Protection Act (TCPA) restricts telephone solicitations and the use of automated telephone equipment. The TCPA limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines.
Policy Coverage over Time
This chart illustrates the number of cyber policies in the Advisen policy database with an insuring agreement that specifically addresses privacy events in relation to the total number of cyber policies.