WASHINGTON, D.C. — A divided U.S. Supreme Court on June 22 found that the government’s search of a suspect’s cell site location information (CSLI) records qualified as a search under the Fourth Amendment to the U.S. Constitution, thus requiring a showing of probable cause before search of such records in which it found that a user has a reasonable expectation of privacy (Timothy Ivory Carpenter v. United States, No. 16-402, U.S. Sup., 2018 U.S. LEXIS 3844).
PHILADELPHIA — Because an ex-employee of The Coca-Cola Co. (Coke) failed to establish a causal connection between credit card fraud and the theft of company-owned laptops containing employees’ personally identifiable information (PII), a Third Circuit U.S. Court of Appeals panel on June 20 affirmed the dismissal of his putative breach of contract and negligence class claims against the soft drink manufacturer (Shane K. Enslin v. The Coca-Cola Co., et al., Nos. 17-3153 and 17-3256, 3rd Cir., 2018 U.S. App. LEXIS 16613).
SAN FRANCISCO — A California federal judge on June 19 agreed to stay a long-running putative privacy class action over Google LLC’s Street View feature in light of a pending U.S. Supreme Court case that the parties believe “is likely to bear directly” on a tentative settlement in the case (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).
SANTA ANA, Calif. — A commercial general liability insurer on May 30 asked the Fourth District California Court of Appeal to reverse a lower court’s finding that penalties for the crime of secretly recording confidential communications under California Penal Code Section 632 can be shifted onto an insurer, arguing that the lower court’s ruling violates public policy (Nautilus Insurance Company v. Monique Mingione, No. G055914, Calif. App., 4th Dist., Div. 3).
WASHINGTON D.C. — Because the Health Insurance Portability and Accountability Act (HIPAA) does not provide for a private cause of action, a District of Columbia federal judge on June 15 granted a diagnostic laboratory’s motion to dismiss a complaint alleging that the lab violated the act by not furnishing patients with ample privacy while obtaining their personal health information (PHI) (Hope Lee-Thomas v. Laboratory Corporation of America, No. 1:18-cv-00591, D. D.C., 2018 U.S. Dist. LEXIS 100428).
INDIANAPOLIS — In light of a defendant’s showing of relevance and the plaintiffs’ failure to establish privilege, an Indiana federal magistrate judge on June 14 concluded that a Facebook instant message string between two named plaintiffs was not covered by a protective order in a putative class action over pension plan administrative fees, leading him to mostly grant a motion to compel (Mary Bell, et al. v. Pension Committee of ATH Holding Company LLC, et al., No. 1:15-cv-02062, S.D. Ind.).
ST. PAUL, Minn. — Rejecting objections by two class members, an Eighth Circuit U.S. Court of Appeals panel on June 13 affirmed a trial court’s approval of a $10 million settlement between Target Corp. and a class of consumers affected by a 2013 data breach, finding that on remand after a previous ruling in the objectors’ favor, the presiding judge conducted the necessary “rigorous analysis” of the settlement (In re: Target Corporation Customer Data Security Breach Litigation, No. 15-3909, 15-3912, 16-1203, 16-1245 and 16-1408 8th Cir., 2018 U.S. App. LEXIS 15839).
OAKLAND, Calif. — A marketing firm that deployed “zombie” cookies on the mobile devices of Verizon Wireless users violated New York consumer law, two wireless users argue in a June 13 brief in California federal court, claiming trespass and opposing the defendant’s motion to dismiss (Anthony Henson, et al. v. Turn Inc., No. 4:15-cv-01497, N.D. Calif.).
RICHMOND, Va. — Optometrists may proceed with two related class complaints alleging their personal information was stolen and used to open credit cards after showing injury-in-fact that may be traced to an organization that administers exams, a Fourth Circuit U.S. Court of Appeals panel ruled June 12 (Rhonda L. Hutton, O.D., et al. v. National Board of Examiners in Optometry, Inc., No. 17-1506, Nicole Mizrahi, et al. v. National Board of Examiners in Optometry, Inc., No. 17-1508, 4th Cir., 2018 U.S. App. LEXIS 15748).
SAN DIEGO — A California federal judge on June 8 dismissed a class complaint by a California man suing a home loan company from which his personal data was stolen by hackers, ruling that while the man had standing to bring his lawsuit, he failed to state a claim (Salam Razuki, et al. v. Caliber Home Loans, Inc., et al., No. 17-1718, S.D. Calif., 2018 U.S. Dist. LEXIS 96973).
ATLANTA — In briefs filed June 12 in Georgia federal court, Equifax Inc. and the consumer plaintiffs in the multidistrict litigation (MDL) over the firm’s 2017 data breach oppose the creation of a separate governmental entity track proposed by the city of Chicago, arguing that such a fourth track is unnecessary and would “likely lead to a more cumbersome structure” and “impose additional burden and expense” (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
BROOKLYN, N.Y. — Finding that the Federal Bureau of Investigation had probable cause to believe that a defendant who is charged with Hobbs Act violations was associated with a gang implicated in criminal conspiracy, a New York federal judge on June 5 denied the defendant’s motion to suppress evidence obtained via warrant from his Facebook account, deeming the warrant sufficiently particularized and not in violation of the Fourth Amendment to the U.S. Constitution (United States v. Sharod Liburd, No. 1:17-cr-00296, E.D. N.Y., 2018 U.S. Dist. LEXIS 94440).
HONOLULU — Two customers of the Hawaiian-based restaurant chain Zippy’s filed a putative class action against the chain’s operator June 1 in Hawaii federal court, alleging negligence related to a recently announced breach of the Zippy’s payment system, which they say resulted in payment card fraud (Joshua Bokelman, et al. v. FCH Enterprises Inc., No. 1:18-cv-00209, D. Hawaii).
MIAMI — A Federal Trade Commission order requiring a now-defunct laboratory testing company to implement a reasonable data-security program was deemed unenforceable on June 6 by an 11th Circuit U.S. Court of Appeals panel, which found that rather than “enjoin[ing] a specific act or practice,” the order “mandates a complete overhaul of [LabMD Inc.’s] data-security program and says precious little about how this is to be accomplished” (LabMD Inc. v. Federal Trade Commission, No. 16-16270, 11th Cir., 2018 U.S. App. LEXIS 15229).
WASHINGTON, D.C. — A growing list of class actions against Facebook Inc. over the sharing of millions of social network users’ personal data by a third-party app developer will be centralized in California federal court, the U.S. Judicial Panel for Multidistrict Litigation (JPMDL) ruled June 6, granting a motion to transfer by two of the plaintiffs (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 2843, JPMDL).
CLEVELAND — A Ohio appellate court majority on May 24 reversed a lower court’s ruling that denied a nursing home’s motion for a protective order and compelled it to provide discovery of records pertaining to a nonparty nursing home resident who allegedly fatally assaulted another resident, remanding for an in camera review of the documents to determine whether they are undiscoverable (David Howell, Jr. v. Park East Care & Rehabilitation, et al., No. 106041, Ohio App., 8th Dist., 2018 Ohio App. LEXIS 2225).
ATLANTA — Two weeks after consolidated class complaints were filed by consumer and small business (SB) classes in the consolidated multidistrict litigation over the massive 2017 Equifax Inc. data breach, a class of financial institutions (FIs) followed suit May 30, filing a consolidated complaint in Georgia federal court, accusing the credit-reporting giant of negligence and related claims (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
WASHINGTON, D.C. — Donald Trump’s presidential campaign and Republican strategist Roger Stone each filed briefs May 31, opposing a jurisdictional discovery request in a lawsuit over the 2016 hack of the Democratic National Committee’s (DNC’s) database, asserting that the discovery sought by the plaintiffs, whose personally identifiable information (PII) was stolen and posted online, is overbroad and untimely (Roy Cockrum, et al. v. Donald J. Trump For President Inc., et al., No. 1:17-cv-01370, D. D.C.).
CHICAGO — Class claims by an employee challenging the collection and storage of fingerprint scans may proceed against the company that employed her and the third-party scanner provider, an Illinois federal judge ruled May 31 (Cynthia Dixon v. The Washington and Jane Smith Community – Beverly, et al., No. 17-8033, N.D. Ill., 2018 U.S. Dist. LEXIS 90344).
ORLANDO, Fla. — In light of an announced “agreement in principle” between Wendy’s International LLC and a group of customers who claim that their payment card data (PCD) was compromised in a breach of the fast food chain’s payment system, a Florida federal judge on May 25 administratively closed a putative negligence class action to allow the parties to finalize terms of their settlement (Christine Jackson, et al. v. Wendy’s International LLC, No. 6:16-cv-00210, M.D. Fla.).