Mealey's Data Privacy

  • December 7, 2017

    Sessions Opposes Rehearing In 9th Circuit Appeal Over FBI Letters’ Gag Orders

    SAN FRANCISCO — In a Dec. 5 brief opposing a rehearing petition filed by two electronic communication service providers (ECSPs), U.S. Attorney General Jefferson B. Sessions III maintains that the Ninth Circuit U.S. Court of Appeals correctly found that nondisclosure requirements of national security letters (NSLs) served by the Federal Bureau of Investigation in connection with counterterrorism efforts satisfy the strict scrutiny standards of First Amendment to the U.S. Constitution (In re:  National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).

  • December 7, 2017

    Spokeo Seeks 2nd Certiorari Grant Over Injury-In-Fact Standing Requirement

    WASHINGTON, D.C. — Less than two years after the U.S. Supreme Court ruled on the concrete injury requirement to establish standing under Article III of the U.S. Constitution in a lawsuit over alleged violation of the Fair Credit Reporting Act (FCRA), the data aggregator defendant filed a renewed petition for certiorari Dec. 4, citing conflicting lower court interpretations of the prior ruling and a remand ruling by the Ninth Circuit U.S. Court of Appeals that it says undermines the 2016 decision (Spokeo Inc. v. Thomas Robins, No. 17-806, U.S. Sup.).

  • December 6, 2017

    Insurer Asks 2nd Circuit To Find Wire Transfer Theft Is Not Covered Under Policy

    NEW YORK — An insurer asked the Second Circuit U.S. Court of Appeals on Dec. 5 to reverse a lower court’s finding that coverage for a firm's multimillion-dollar loss due to a fraudulent wire transfer scheme existed under the computer fraud provision of the company's executive protection insurance policy (Medidata Solutions Inc. v. Federal Insurance Co., No. 17-2492, 2nd Cir.).

  • December 5, 2017

    Judge Permits Government To Conduct Broad Search Of Email Addresses

    MONTGOMERY, Ala. — An Alabama federal judge on Dec. 1 granted the U.S. government’s motion to reconsider limitations that were previously imposed on search methods to be used with certain email accounts, with the judge concluding that the specifics of the case require flexibility with the usual particularity requirements for warrants required by the Fourth Amendment to the U.S. Constitution (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala.).

  • December 1, 2017

    OIG Rescinds Approval Of Drug Patient Assistance Program For Privacy Breaches

    WASHINGTON, D.C. — The Office of Inspector General (OIG) on Nov. 28 rescinded a 2006 advisory opinion for the drug patient assistance program Caring Voice Coalition Inc. after determining that the program provided patient-specific data to one or more supporting drug companies, according to an OIG letter and a company statement.

  • December 1, 2017

    Washington AG Sues Uber For Failure To Notify About 2016 Data Breach

    SEATTLE — One week after Uber Technologies Inc. revealed a massive data breach that went unreported for a year, Washington Attorney General (AG) Robert W. Ferguson filed suit against the ride-hailing firm in Washington state court for violating the state’s Consumer Protection Act (CPA) (Washington v. Uber Technologies Inc., No. NA, Wash. Super., King Co.).

  • November 30, 2017

    9th Circuit Affirms ESPN App User Did Not Identify Shared PII Under VPPA

    PASADENA, Calif. — A plaintiff failed to properly plead a violation of the Video Privacy Protection Act (VPPA) by ESPN Inc., a Ninth Circuit U.S. Court of Appeals panel ruled Nov. 29, finding that user data purportedly shared by ESPN via its app did not qualify as personally identifiable information (PII) (Chad Eichenberger v. ESPN Inc., No. 15-35449, 9th Cir.).

  • November 29, 2017

    Justices Hear Arguments On 4th Amendment Rights And Cell Location Records

    WASHINGTON, D.C. — The U.S. Supreme Court heard arguments Nov. 29 on implications under the Fourth Amendment to the U.S. Constitution over the government’s collection of historical cell site location information (CSLI) records via an order issued under the Stored Communications Act (SCA), with the parties debating the expectation of privacy in such records and the application of decades-old legislation and case law to situations involving modern technology (Timothy Ivory Carpenter v. United States of America, No. 16-402, U.S. Sup.).

  • November 29, 2017

    Judge Won’t Reconsider Gag Order Ruling For Twitter Over FBI Data Collection

    OAKLAND, Calif. — A California federal judge on Nov. 28 denied the U.S. government’s motion to reconsider a ruling in which she found possible constitutional violations in the FBI’s prohibiting Twitter Inc. from publicly reporting on its involvement in the bureau’s surveillance program, holding that a subsequent Ninth Circuit U.S. Court of Appeals ruling on national security letters (NSLs)  did not alter controlling law or compel reconsideration (Twitter Inc. v. Jefferson B. Sessions III, et al., No. 4:14-cv-04480, N.D. Calif., 2017 U.S. Dist. LEXIS 195360).

  • November 29, 2017

    Judge: CGL Insurer Has No Duty To Defend Against Class Action Over Data Breach

    TAMPA, Fla. — A Florida federal judge on Nov. 17 held that a commercial general liability insurer has no duty to defend against a putative class action alleging that an insured failed to adequately protect the plaintiffs’ personal private information (PPI) and timely disclose a data breach to end users (Innovak International Inc. v. The Hanover Insurance Co., No. 16-2453, M.D. Fla., 2017 U.S. Dist. LEXIS 191271).

  • November 28, 2017

    Hospital Says Economic Loss Doctrine Bars Data Breach Negligence Claim

    PITTSBURGH — In a Nov. 27 brief, a Pittsburgh area hospital asks the Pennsylvania Supreme Court to affirm rulings by a trial and appeals court that a negligence suit brought after a breach of its network is precluded by the economic loss doctrine due to the attenuated nature of the claimed damages, as well as the lack of a statutory duty to provide foolproof protection of electronically stored information (ESI) (Barbara A. Dittman, et al. v. UPMC, et al., No. 43 WAP 2017, Pa. Sup.).

  • November 27, 2017

    2nd Circuit Finds Video Game Players Lack Standing In Biometrics Suit

    NEW YORK — Mostly affirming a trial court’s dismissal ruling, a Second Circuit U.S. Court of Appeals panel on Nov. 21 held that the lead plaintiffs in a class action alleging violation of an Illinois biometrics statute failed to establish any concrete harm from a software firm’s use of their facial scans in basketball video games, thus defeating their standing under Article III of the U.S. Constitution (Ricardo Vigil, et al. v. Take-Two Interactive Software Inc., No. 17-303, 2nd Cir., 2017 U.S. App. LEXIS 23446).

  • November 27, 2017

    Federal Magistrate Recommends Arbitration Of Barnes & Noble Data Privacy Class Suit

    NEW YORK — The arbitration provision in Barnes & Noble Booksellers Inc.’s (B&N) terms of use (TOU) on its website is not unconscionable and therefore must be enforced in a class complaint filed by a customer who claims that information about her online purchase of a DVD was shared with Facebook, a New York federal magistrate judge opined in a Nov. 20 report and recommendation (Melina Bernardino v. Barnes & Noble Booksellers, Inc., No. 17-4570, S.D. N.Y., 2017 U.S. Dist. LEXIS 192814).

  • November 22, 2017

    Uber Announces Massive Data Breach, Hit With Class Complaint

    LOS ANGELES — The same day Uber Technologies Inc. revealed in a Nov. 21 statement that it had experienced a data breach in late 2016, a class action complaint was filed against the ride-hailing firm in California federal court, alleging negligence, invasion of privacy and unfair competition (Alejandro Flores v. Rasier LLC, et al., No. 2:17-cv-08503, C.D. Calif.).

  • November 22, 2017

    No Coverage Owed For Underlying Suits Alleging Statutory Violations

    CHARLOTTE, N.C. — An insurer has no duty to defend its insured in two underlying class actions alleging violations of the federal Driver’s Privacy Protection Act (DPPA) because the business liability policy’s statutory violation exclusion clearly bars coverage, a North Carolina federal judge said Nov. 17 in granting the insurer’s motion for judgment on the pleadings (Hartford Casualty Insurance Co. v. Ted A. Greve & Associates, P.A., et al., No. 17-183, W.D. N.C., 2017 U.S. Dist. LEXIS 190603).

  • November 21, 2017

    $11.2 Million Ashley Madison Data Breach Suit Settlement Granted Final Approval

    ST. LOUIS — Following a Nov. 20 fairness hearing, a Missouri federal judge issued an order that same day granting final approval to an $11.2 million settlement between the operators of the Ashley Madison website and users of the site whose personally identifiable information (PII) was exposed in a 2015 data breach, with the judge deeming the settlement “to be the product of thorough, serious, informed, and non-collusive negotiations” (In re Ashley Madison Customer Data Security Breach Litigation, No. 4:15-cv-02669, E.D. Mo.).

  • November 21, 2017

    Insurer Asks High Court To Clarify Article III Injury Standing In Data Breach Suit

    WASHINGTON, D.C. — A health insurer on Oct. 30 filed a petition for certiorari urging the U.S. Supreme Court to provide guidance as to what constitutes an “imminent” injury to support a plaintiff’s standing under Article III of the U.S. Constitution to file suit after a data breach (CareFirst Inc., et al. v. Chantal Attias, et al., No. 17-641, U.S. Sup.).

  • November 21, 2017

    Judge Asks Government To Explain Objection To Email Keyword Search Order

    MONTGOMERY, Ala. — Responding to the U.S. government’s objection to a court-imposed requirement that keyword searches be utilized in searching email accounts targeted by warrants, an Alabama federal judge on Nov. 17 directed the government to submit a brief explaining the search framework it would rather use (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala.).

  • November 21, 2017

    Amended Class Complaint Filed Over Fraudulent TurboTax Filings

    SAN JOSE, Calif. — In the wake of orders partly dismissing their claims and compelling arbitration of some parties’ claims, the plaintiffs in a putative class action against Intuit Inc. filed an amended complaint in California federal court Nov. 17, restating negligence and unfair competition claims related to the filing of fraudulent tax returns by criminals that exploited purported lax security in Intuit’s TurboTax software (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).

  • November 20, 2017

    Nationwide Data Breach Plaintiffs Object To Bailment Dismissal Recommendation

    COLUMBUS, Ohio — Asserting that they properly pleaded their bailment claim against Nationwide Mutual Insurance Co. related to a 2012 data breach, two policyholders filed an objection in Ohio federal court Nov. 14 to a magistrate’s dismissal recommendation (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, S.D. Ohio).