SAN FRANCISCO — In an April 19 ruling, a California federal magistrate judge denied Google Inc.’s motion to quash a warrant, issued under the Stored Communications Act (SCA), for foreign-stored data, concluding that the warrant on California-based Google constituted a domestic application of the statute that does not run afoul of the presumption against extraterritorial application of U.S. laws (In the Matter of the Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif., 2017 U.S. Dist. LEXIS 59990).
FORT LAUDERDALE, Fla. — A Utah woman filed a putative class complaint April 18 against the provider of a physician consultation smartphone app, telling a Florida federal court that the app shares users’ sensitive medical information with a third-party firm, breaching the app maker’s duty to keep this information confidential (Joan Richards v. MDLive Inc., No. 0:17-cv-60760, S.D. Fla.).
WASHINGTON, D.C. — In an en banc proceeding concerning requests for unredacted access to certain opinions about the U.S. government’s bulk collection of citizens’ telecommunications metadata, the government and movants seeking the data’s release each filed briefs with the U.S. Foreign Intelligence Surveillance Court (FISC) on April 17, debating questions of constitutional rights and standing (In Re Opinions & Orders Issued By This Court Addressing Bulk Collection of Data Under Various Provisions of the Foreign Intelligence Surveillance Act, No. Misc. 13-08, FISC).
CHICAGO — Bose Corp. was hit with a putative eavesdropping class complaint in Illinois federal court April 18, when a customer alleged that the stereo equipment manufacturer has been collecting and sharing, via a smartphone application, records of its customers’ private music and audio selections (Kyle Zak v. Bose Corp., No. 1:17-cv-02928, N.D. Ill.).
ORLANDO, Fla. — Waffle House Inc. and WH Capital LLC (together, Waffle House) and other companies violated the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681, by obtaining and using information from background reports for job applicants without providing proper disclosures to the applicants before taking adverse actions against them by not hiring them, more than a dozen applicants allege in an April 17 class complaint filed in Florida federal court (Alex Holt, et al. v. Waffle House, Inc., et al., No. 17-693, M.D. Fla.).
WASHINGTON, D.C. — Citing a pending motion to dismiss a suit over the data-collection practices of the National Security Agency (NSA), the federal government defendants tell a District of Columbia federal court in an April 10 brief that a discovery conference the plaintiffs seek to compel is “uncalled for” (Larry Elliott Klayman, et al. v. Donald J. Trump, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C.).
AUSTIN, Texas — The Texas attorney general (AG) did not establish that disclosing the names of participants of a university’s study, in response to an information request, would not prove embarrassing to those individuals, a Texas appeals panel ruled April 7, reversing a trial court’s ruling and remanding for a determination of applicable common-law privacy rights (The University of Texas System, et al. v. Ken Paxton, Attorney General of Texas, et al., No. 03-14-00801, Texas App., 3rd Dist., 2017 Tex. App. LEXIS 3043).
ALBANY, N.Y. — A New York Court of Appeals majority on April 4 upheld an appeals court’s ruling that Facebook Inc.’s motion to quash warrants seeking user information per the Stored Communications Act (SCA) was properly denied, finding that the order, which was in conjunction with a criminal investigation, was nonappealable (In the Matter of 381 Search Warrants Directed to Facebook Inc., No. 16, N.Y. App., 2017 N.Y. LEXIS 767).
NEWARK, N.J. — Viacom Inc. and putative class plaintiffs filed supplemental briefs related to a summary judgment motion in New Jersey federal court April 3, disputing whether information Viacom collected from minor website users was personally identifiable information (PII) and whether its collection constituted an intrusion upon seclusion (In Re: Nickelodeon Consumer Privacy Litigation, No. 2:12-cv-07829, D. N.J.).
PHILADELPHIA — Finding that The Coca-Cola Co. (Coke) had neither an express nor implied contractual duty to protect its employees’ personally identifiable information (PII), a Pennsylvania federal judge on March 31 granted summary judgment to the beverage company on a putative breach of contract class action related to the theft of laptops containing employee information (Shane K. Enslin v. The Coca-Cola Co., et al., No. 2:14-cv-06476, E.D. Pa., 2017 U.S. Dist. LEXIS 49920).
SAN FRANCISCO — In an April 3 appellee brief in the Ninth Circuit U.S. Court of Appeals, online retailer Zappos.com Inc. argues that a trial court correctly dismissed some of the putative claims related to a 2012 data breach for lack of standing because the plaintiffs failed to establish any imminent, concrete harm attributable to the theft of their personally identifiable information (PII) (Theresa Stevens, et al. v Zappos.com Inc., No. 16-16860, 9th Cir.).
WASHINGTON, D.C. — The plaintiffs in a suit over the data-collection practices of the National Security Agency (NSA) assert in a March 27 motion in District of Columbia federal court that the government defendants have refused to participate in mandated discovery conferences, leading the plaintiffs to seek an order compelling compliance, as well as an order to show cause why sanctions should not be issued (Larry Elliott Klayman, et al. v. Barack Obama, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C.).
ROME, Ga. — The lead plaintiffs in a putative class action over records stolen from their former university on March 29 asked a Georgia federal court to preliminarily approve their settlement of their negligence claims with the university in exchange for payments of costs, fees, incentive awards and reimbursements, potentially exceeding $200,000 (Erin Bishop, et al. v. Shorter University Inc., No. 4:15-cv-00033, N.D. Ga.).
WASHINGTON, D.C. — The U.S. House of Representatives on March 28 voted to approve Senate Joint Resolution (S.J. Res.) 34, which rolls back a 2016 Federal Communications Commission order that limited how internet service providers (ISPs) can use their customers’ private information.
SANTA ANA, Calif. — In a March 25 motion, the plaintiffs in a putative class action over a 2015 data breach experienced by Experian Information Solutions Inc. asked a California federal court to compel production of post-breach investigative documents by a security vendor, disputing the defendant’s claim that the documents are shielded by attorney-client privilege (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).
SAN FRANCISCO — The U.S. government and two electronic service providers participated in oral arguments before the Ninth Circuit U.S. Court of Appeals March 22, debating whether gag orders issued with national security letters (NSLs) by the Federal Bureau of Investigation seeking subscriber information violate the First Amendment to the U.S. Constitution (In re: National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).
MINNEAPOLIS — In the wake of the Eighth Circuit U.S. Court of Appeals’ rejection and remand of a proposed settlement between Target Corp. and a class of consumers whose personally identifiable information (PII) was compromised in 2013 data breaches, the consumers on March 27 filed a memorandum in Minnesota federal court supporting a newly filed motion for class certification and defending the adequacy of their class representation (In re: Target Corporation Customer Data Security Breach Litigation, No. 14-2522, D. Minn.).
ERIE, Pa. — A second expert report filed by the lead plaintiffs in a proposed class action over spying software when they filed their reply brief in support of their renewed motion for class certification was filed too late, a Pennsylvania federal magistrate judge ruled March 22, striking the new report (Crystal Byrd, et al. v. Aaron’s, Inc., et al., No. 11-101, W.D. Pa., 2017 U.S. Dist. LEXIS 41030).
NEWARK, N.J. — An owner of smart TVs made by Samsung Electronics America Inc. filed a putative class complaint against the manufacturer in New Jersey federal court March 10, alleging that consumers’ private conversations were secretly recorded and intercepted, in violation of the New Jersey Consumer Fraud Act (CFA) and federal privacy laws (Joshua Siegel v. Samsung Electronics America Inc., No. 2:17-cv-01687, D. N.J.).
SAN FRANCISCO — Researchers, civil rights organizations and physicians on March 16 filed amicus curiae briefs in the Ninth Circuit U.S. Court of Appeals supporting a trial court’s preliminary injunction ordering the redaction of individuals’ personally identifiable information (PII) from responsive documents in an anti-abortion advocate’s public records request related to fetal tissue research (Jane Does 1-10, et al. v. David Daleiden, et al., No. 16-36038, 9th Cir.).