Mealey's Data Privacy

  • January 24, 2020

    Discovery Of Anonymized Minors’ Data Permitted In Indiana Abortion Law Dispute

    INDIANAPOLIS — An Indiana state court’s objection to a discovery ruling requiring it to submit certain data about minors seeking abortions was overruled Jan. 22, with an Indiana federal judge finding that the anonymized nature of the data did not implicate any privacy concerns and, as such, did not violate a state confidentiality statute (Whole Woman’s Health Alliance, et al. v. Curtis T. Hill Jr., et al., No. 1:18-cv-01904, S.D. Ind., 2020 U.S. Dist. LEXIS 10364).

  • January 23, 2020

    Attorneys General Oppose $13 Million Cy Pres Google Street View Settlement

    SAN FRANCISCO — In a Jan. 20 amicus curiae brief, the attorneys general (AGs) of nine states urge a California federal judge to deny final approval to a proposed $13 million settlement of a consolidated privacy class action over Google LLC’s “Street View” feature, objecting to the earmarking of most of the settlement fund to cy pres recipients without “cash or other direct compensation to class members” (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).

  • January 22, 2020

    Uber Granted Motions To Compel Arbitration In 8 Data Breach Suits

    LOS ANGELES — A California federal judge on Jan. 17 issued the latest in a series of rulings in favor of Uber Technologies Inc., reporting that he had granted the ride-sharing company’s motions to compel arbitration in eight lawsuits filed over a 2016 data breach that were consolidated in a multidistrict litigation (In re Uber Technologies Inc. Data Security Breach Litigation, No. 2:18-ml-02826, C.D. Calif.).

  • January 21, 2020

    High Court Denies Facebook’s Class Standing Petition In Biometrics Privacy Suit

    WASHINGTON, D.C. — Facebook Inc.’s interlocutory appeal of a class certification ruling in a privacy lawsuit over its face-tagging feature will not be heard by the U.S. Supreme Court, which on Jan. 21 denied the social network’s petition for certiorari in which it raised questions about standing under Article III of the U.S. Constitution (Facebook Inc. v. Nimesh Patel, et al., No. 19-706, U.S. Sup., 2020 U.S. LEXIS 538).

  • January 21, 2020

    Consumer Class’s Settlement Of Equifax Data Breach Suit Receives Final Approval

    ATLANTA — A Georgia federal judge on Jan. 13 granted final approval to the settlement of a consolidated consumer class’s negligence lawsuit over the massive 2017 data breach experienced by Equifax Inc., calling the relief valued at potentially billions of dollars “an outstanding result for the class in a case with a high level of risk” that “exceeds the relief provided in other data breach settlements” (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga., 2020 U.S. Dist. LEXIS 7841).

  • January 14, 2020

    Insurer Responds To Insured’s Appeal Of No Coverage Ruling Of Alleged Data Breach

    NEW ORLEANS — A commercial general liability insurer on Nov. 25 filed its response in the Fifth Circuit U.S. Court of Appeal to an insured’s appeal of a lower court’s finding that the insurer has no duty to defend against an underlying lawsuit seeking to recover damages purportedly caused by a data breach of the insured’s credit card processing system (Landry's Inc. v. The Insurance Company of the State of Pennsylvania, No. 19-20430, 5th Cir.).

  • January 13, 2020

    Financial Institutions Seek Class Certification In Sonic Data Breach Suit

    CLEVELAND — Three credit unions suing Sonic Corp. for negligence over its 2017 data breach filed a motion in Ohio federal court on Jan. 9, seeking to certify a nationwide class of financial institutions (FIs) that accrued costs resulting from responding to cardholders whose payment cards were potentially affected by the breach (In re:  Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio).

  • January 13, 2020

    Employees Denied Discovery Of Personnel Files, Text Messages In FLSA Dispute

    HARRISBURG, Pa. — In rulings issued Jan. 8 and 9, a Pennsylvania federal magistrate judge denied discovery requests by a class of travel stop operations managers (OMs) in a Fair Labor Standards Act (FLSA) overtime lawsuit, finding requests for personnel files and text messages to be too broad, burdensome and fraught with privacy concerns (Kristopher Lawson, et al. v. Love’s Travel Stops & Country Stores Inc., No. 1:17-cv-01266, M.D. Pa., 2020 U.S. Dist. LEXIS 3352).

  • January 09, 2020

    New York City Transit Sued For Access To Facial Recognition Use Documents

    NEW YORK — A surveillance technology watchdog group sued New York City Transit (NYCT) in New York state court on Jan. 6, seeking to compel the agency to comply with a request under the state’s Freedom of Information Law (FOIL) for documents related to the purported use of facial recognition technology on the city’s subway system (Surveillance Technology Oversight Project v. Metropolitan Transportation Authority, et al., No. 150127/20, N.Y. Sup., New York Co.).

  • January 08, 2020

    Preliminary Approval Sought For $7.5 Million Google Plus Data Leak Class Action

    SAN JOSE, Calif. — Four former users of the now-defunct Google Plus social network filed a motion in California federal court on Jan. 6, seeking preliminary approval of a $7.5 million settlement with Google LLC of unfair competition, privacy and negligence class claims over two 2018 data leaks that exposed users’ personally identifiable information (PII) to third-party app developers (In re Google Plus Profile Litigation, No. 5:18-cv-06164, N.D. Calif.).

  • January 06, 2020

    Zappos Discount Coupon Data Breach Class Settlement Receives Final Approval

    RENO, Nev. — Noting that more than $5 million dollars’ worth of discount coupons that were emailed to class members affected by Zappos.com Inc.’s 2012 data breach have already been redeemed, a Nevada federal judge on Dec. 23 granted final approval to a settlement of a privacy class action against the online retailer (In Re Zappos.com Inc., Customer Data Security Breach Litigation, No. 3:12-cv-00325, D. Nev.).

  • January 06, 2020

    Alabama Hospital Sued By Patients After Ransomware Attack

    BIRMINGHAM, Ala. — An Alabama hospital has violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Trade Commission Act and the Gramm-Leach-Bliley Act by failing to protect the medical records of approximately 32,000 from a recent ransomware attack, a class complaint filed Dec. 23 in a federal court in Alabama alleges (Geraldine Daniels, et al. v. DCH Healthcare Authority, No. 19-2086, N.D. Ala.).

  • January 03, 2020

    On Remand, Google Cookie Privacy Class Revises $5.5 Million Cy Pres Settlement

    WILMINGTON, Del. — In a Jan. 3 motion for preliminary approval of a revised $5.5 million class settlement with Google LLC over privacy concerns related to certain cookie deployment practices, the plaintiffs tell a Delaware federal court that although “[t]he structure, timing, and disposition of funds set out” in a previous settlement proposal, which was vacated by the Third Circuit U.S. Court of Appeals, “have not changed,” the parties have addressed the Third Circuit’s concerns over the cy pres-only nature of the settlement (In Re:  Google Inc. Cookie Placement Consumer Privacy Litigation, No. 1:12-md-02358, D. Del.).

  • January 03, 2020

    Convenience Store Chain Hit With Class Complaints After Data Breach Discovery

    PHILADELPHIA — With the filing of a putative class complaint by 12 of its customers on Dec. 31, at least 11 lawsuits have been filed in Pennsylvania federal court against a convenience store chain in the wake of its announcing that it had recently discovered a data breach that went unnoticed for nine months (Mark Schultz, et al. v. Wawa Inc., No. 2:19-cv-06190, E.D. Pa.).

  • January 02, 2020

    Ring, Amazon Hit With Class Complaint Alleging Cameras Have Been Hacked

    LOS ANGELES — The makers of Ring smart security systems have employed “[l]ax security standards and protocols” resulting in the hacking of camera systems by third parties, a man alleges in a class complaint filed Dec. 26 in a federal court in California (John Baker Orange, et al. v. Ring LLC, et al., No. 19-10899, C.D. Calif.).

  • December 20, 2019

    Location-Tracking Class Claims Against Google Dismissed By Judge

    SAN JOSE, Calif. — A California federal judge on Dec. 19 found that a putative class suing Google LLC for allegedly storing their location data failed to “plead sufficient facts to allege an invasion of privacy,” leading him to grant Google’s motion to dismiss statutory, constitutional and common-law privacy claims against the tech firm, with leave to amend (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).

  • December 19, 2019

    Insurer, Clients: D.C. Circuit Has Jurisdiction Over Dismissed Data Breach Claims

    WASHINGTON, D.C. — In supplemental briefs filed Dec. 16 at the direction of the District of Columbia Circuit U.S. Court of Appeals, a health insurance provider and a group of policyholders that sued it over a 2015 data breach both opine that a trial court properly certified a partial dismissal ruling for appeal under Federal Rule of Civil Procedure 54(b) (Chantal Attias, et al. v. CareFirst Inc., et al., No. 19-7020, D.C. Cir.).

  • December 18, 2019

    Judge Denies DOJ Review Of Biometric-Unlocking Warrant Denial As Moot

    OAKLAND, Calif. — Although a lawsuit in which the U.S. Department of Justice (DOJ) sought a warrant compelling suspects to unlock electronic devices via biometric means raised “highly engaging issues,” a California federal judge on Dec. 10 denied as moot the department’s motion to reconsider an order denying the warrant for constitutional reasons in light of the government’s abandonment of the original warrant, which deprived the court of jurisdiction over the matter (In re Search of a Residence in Oakland, Calif., No. 4:19-mj-70053, N.D. Calif.).

  • December 17, 2019

    Settlement Of Class Action Over Chipotle Data Breach Receives Final Approval

    DENVER — Six months after a group of Chipotle Mexican Grill Inc. customers announced a settlement of their class claims over a 2017 data breach experienced by the burrito chain, a Colorado federal judge on Dec. 16 granted their motion for final approval of the agreement, which provides for reimbursement of expenses customers incurred from the breach (Todd Gordon, et al. v. Chipotle Mexican Grill Inc., No. 1:17-cv-01415, D. Colo., 2019 U.S. Dist. LEXIS 215430).

  • December 17, 2019

    NSA Prevails In Wikimedia’s Constitutional Claims Over Upstream Surveillance

    BALTIMORE — Wikimedia Foundation failed to establish that the National Security Agency (NSA) copied or collected any of its international internet communications as part of its upstream surveillance program, a Maryland federal judge ruled Dec. 16, dismissing for a second time the internet firm’s constitutional claims against the government, also deeming the suit precluded by the state secrets privilege (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).