CVS Websites Visitor Actions Wiretapping by Foresee Replay Florida Class Action

Wiretapping used to mean listening in on telephone calls. Nowadays, there are many other ways to do it, including recording every move and keystroke to a visitor to a website. The complaint for this class action brings suit against Verint Systems, Inc. and Foresee Session Replay, Inc. for doing just that—recording information from consumer visits to certain CVS Corporation websites, including Protected Health Information (PHI) and Personally Identifiable Information (PII)—thereby invading visitors’ privacy and violating Florida’s Security of Communications Act (FSCA).

The class for this action is all Florida residents who visited the CVS websites noted above, and whose electronic communications were intercepted or recorded by Foresee.

The websites at issue include CVS.com, CVSSpecialty.com, and Caremark.com, websites for CVS Health Corporation. The wiretaps are blocks of code embedded in the websites’ code and are used “to secretly observe and record Websites visitors’ keystrokes, mouse clicks, and other electronic communications…”

Foresee Session Replay provides is a software-as-a-service (SaaS) business. One of its products is Foresee Replay, a software program that offers marketing analytics. It purports to help companies improve the design of their websites and the customers’ experiences there. It can operate with both computer and mobile devices to provide a real-time recording of a visitor’s interactions with a website.

Foresee records visitors’ actions, then transmits the information to Foresee’s servers. Foresee then makes the information available to its clients. However, according to the complaint, “A 2017 study by Princeton University found that session recording technologies like Foresee Replay were collecting sensitive user information such as passwords and credit card numbers. The research notes that this wasn’t simply the result of a bug, but rather insecure practices.” This means that website visitors can be vulnerable to data leaks from Foresee’s systems, even if they have never intended to share personal information with the company.

In this case, plaintiff Tim Lubin visited one of the CVS websites and ordered a prescription medication. The complaint alleges that, “upon information and belief,” the Foresee program captured Lubin’s keystrokes, mouse clicks, and data entries. “Crucially,” the complaint alleges, “CVS does not ask users, including [Lubin], whether they consent to being wiretapped by Foresee. Users are never actively told that their electronic communications are being wiretapped by Foresee.”

Whether or not the Privacy Policy contains anything about the wiretaps, the complaint notes that the recording begins before the visitor has a chance to visit any such other page of a website. Thus, the complaint says, users never agree to the privacy policy, nor are they given the option to agree to it. Visitors are not told anything about Foresee or its recordings of their sessions at the website.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

CVS Websites Visitor Actions Wiretapping by Foresee Replay Florida Complaint

February 9, 2021

Wiretapping used to mean listening in on telephone calls. Nowadays, there are many other ways to do it, including recording every move and keystroke to a visitor to a website. The complaint for this class action brings suit against Verint Systems, Inc. and Foresee Session Replay, Inc. for doing just that—recording information from consumer visits to certain CVS Corporation websites, including Protected Health Information (PHI) and Personally Identifiable Information (PII)—thereby invading visitors’ privacy and violating Florida’s Security of Communications Act (FSCA).

CVS Websites Visitor Actions Wiretapping by Foresee Replay Florida Complaint

Case Event History

CVS Websites Visitor Actions Wiretapping by Foresee Replay Florida Complaint

February 9, 2021

Wiretapping used to mean listening in on telephone calls. Nowadays, there are many other ways to do it, including recording every move and keystroke to a visitor to a website. The complaint for this class action brings suit against Verint Systems, Inc. and Foresee Session Replay, Inc. for doing just that—recording information from consumer visits to certain CVS Corporation websites, including Protected Health Information (PHI) and Personally Identifiable Information (PII)—thereby invading visitors’ privacy and violating Florida’s Security of Communications Act (FSCA).

CVS Websites Visitor Actions Wiretapping by Foresee Replay Florida Complaint
Tags: Using Your Private Information Without Consent, Your Privacy, wiretapping