We use cookies on this site to enable your digital experience. By continuing to use this site, you are agreeing to our cookie policy. close

Mealey's Data Privacy

  • June 22, 2018

    Supreme Court: Probable Cause Required For Cell Location Records Search

    WASHINGTON, D.C. — A divided U.S. Supreme Court on June 22 found that the government’s search of a suspect’s cell site location information (CSLI) records qualified as a search under the Fourth Amendment to the U.S. Constitution, thus requiring a showing of probable cause before search of such records in which it found that a user has a reasonable expectation of privacy (Timothy Ivory Carpenter v. United States, No. 16-402, U.S. Sup., 2018 U.S. LEXIS 3844).

  • June 22, 2018

    3rd Circuit Affirms Dismissal Of Ex-Employee’s Laptop Data Theft Suit Against Coke

    PHILADELPHIA — Because an ex-employee of The Coca-Cola Co. (Coke) failed to establish a causal connection between credit card fraud and the theft of company-owned laptops containing employees’ personally identifiable information (PII), a Third Circuit U.S. Court of Appeals panel on June 20 affirmed the dismissal of his putative breach of contract and negligence class claims against the soft drink manufacturer (Shane K. Enslin v. The Coca-Cola Co., et al., Nos. 17-3153 and 17-3256, 3rd Cir., 2018 U.S. App. LEXIS 16613).

  • June 21, 2018

    Google Street View Case Stayed Pending Supreme Court Cy Pres Settlement Ruling

    SAN FRANCISCO — A California federal judge on June 19 agreed to stay a long-running putative privacy class action over Google LLC’s Street View feature in light of a pending U.S. Supreme Court case that the parties believe “is likely to bear directly” on a tentative settlement in the case (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).

  • June 20, 2018

    Shifting Of Criminal Conduct To Insurer Violates Public Policy, Insurer Argues

    SANTA ANA, Calif. — A commercial general liability insurer on May 30 asked the Fourth District California Court of Appeal to reverse a lower court’s finding that penalties for the crime of secretly recording confidential communications under California Penal Code Section 632 can be shifted onto an insurer, arguing that the lower court’s ruling violates public policy (Nautilus Insurance Company v. Monique Mingione, No. G055914, Calif. App., 4th Dist., Div. 3).

  • June 20, 2018

    Patient’s HIPAA Claim Over Lab’s Privacy Failure Dismissed By Federal Judge

    WASHINGTON D.C. — Because the Health Insurance Portability and Accountability Act (HIPAA) does not provide for a private cause of action, a District of Columbia federal judge on June 15 granted a diagnostic laboratory’s motion to dismiss a complaint alleging that the lab violated the act by not furnishing patients with ample privacy while obtaining their personal health information (PHI) (Hope Lee-Thomas v. Laboratory Corporation of America, No. 1:18-cv-00591, D. D.C., 2018 U.S. Dist. LEXIS 100428).

  • June 18, 2018

    Facebook Instant Messages Deemed Discoverable In Anthem ERISA Class Action

    INDIANAPOLIS — In light of a defendant’s showing of relevance and the plaintiffs’ failure to establish privilege, an Indiana federal magistrate judge on June 14 concluded that a Facebook instant message string between two named plaintiffs was not covered by a protective order in a putative class action over pension plan administrative fees, leading him to mostly grant a motion to compel (Mary Bell, et al. v. Pension Committee of ATH Holding Company LLC, et al., No. 1:15-cv-02062, S.D. Ind.).

  • June 18, 2018

    8th Circuit Upholds Target Data Breach Class Certification, Settlement

    ST. PAUL, Minn. — Rejecting objections by two class members, an Eighth Circuit U.S. Court of Appeals panel on June 13 affirmed a trial court’s approval of a $10 million settlement between Target Corp. and a class of consumers affected by a 2013 data breach, finding that on remand after a previous ruling in the objectors’ favor, the presiding judge conducted the necessary “rigorous analysis” of the settlement (In re:  Target Corporation Customer Data Security Breach Litigation, No. 15-3909, 15-3912, 16-1203, 16-1245 and 16-1408 8th Cir., 2018 U.S. App. LEXIS 15839).

  • June 15, 2018

    Verizon Users Say ‘Zombie’ Cookie Use Was Deceptive, Impaired Devices

    OAKLAND, Calif. — A marketing firm that deployed “zombie” cookies on the mobile devices of Verizon Wireless users violated New York consumer law, two wireless users argue in a June 13 brief in California federal court, claiming trespass and opposing the defendant’s motion to dismiss (Anthony Henson, et al. v. Turn Inc., No. 4:15-cv-01497, N.D. Calif.).

  • June 14, 2018

    4th Circuit Reinstates Optometrists’ Class Complaints Over Theft Of Personal Info

    RICHMOND, Va. — Optometrists may proceed with two related class complaints alleging their personal information was stolen and used to open credit cards after showing injury-in-fact that may be traced to an organization that administers exams, a Fourth Circuit U.S. Court of Appeals panel ruled June 12 (Rhonda L. Hutton, O.D., et al. v. National Board of Examiners in Optometry, Inc., No. 17-1506, Nicole Mizrahi, et al. v. National Board of Examiners in Optometry, Inc., No. 17-1508, 4th Cir., 2018 U.S. App. LEXIS 15748).

  • June 14, 2018

    Class Complaint Over Data Theft Is Dismissed For Lack Of Claim

    SAN DIEGO — A California federal judge on June 8 dismissed a class complaint by a California man suing a home loan company from which his personal data was stolen by hackers, ruling that while the man had standing to bring his lawsuit, he failed to state a claim (Salam Razuki, et al. v. Caliber Home Loans, Inc., et al., No. 17-1718, S.D. Calif., 2018 U.S. Dist. LEXIS 96973).

  • June 14, 2018

    Equifax, Consumers Oppose Separate Government Track In Data Breach MDL

    ATLANTA — In briefs filed June 12 in Georgia federal court, Equifax Inc. and the consumer plaintiffs in the multidistrict litigation (MDL) over the firm’s 2017 data breach oppose the creation of a separate governmental entity track proposed by the city of Chicago, arguing that such a fourth track is unnecessary and would “likely lead to a more cumbersome structure” and “impose additional burden and expense” (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • June 8, 2018

    Judge Denies Suppression Of Facebook Evidence In Armed Robbery Case

    BROOKLYN, N.Y. — Finding that the Federal Bureau of Investigation had probable cause to believe that a defendant who is charged with Hobbs Act violations was associated with a gang implicated in criminal conspiracy, a New York federal judge on June 5 denied the defendant’s motion to suppress evidence obtained via warrant from his Facebook account, deeming the warrant sufficiently particularized and not in violation of the Fourth Amendment to the U.S. Constitution (United States v. Sharod Liburd, No. 1:17-cr-00296, E.D. N.Y., 2018 U.S. Dist. LEXIS 94440).

  • June 8, 2018

    Hawaiian Restaurant Chain Sued For Hack Of Payment Card System

    HONOLULU — Two customers of the Hawaiian-based restaurant chain Zippy’s filed a putative class action against the chain’s operator June 1 in Hawaii federal court,  alleging negligence related to a recently announced breach of the Zippy’s payment system, which they say resulted in payment card fraud (Joshua Bokelman, et al. v. FCH Enterprises Inc., No. 1:18-cv-00209, D. Hawaii).

  • June 8, 2018

    11th Circuit Vacates FTC’s Data-Security Order To LabMD As Lacking Specificity

    MIAMI — A Federal Trade Commission order requiring a now-defunct laboratory testing company to implement a reasonable data-security program was deemed unenforceable on June 6 by an 11th Circuit U.S. Court of Appeals panel, which found that rather than “enjoin[ing] a specific act or practice,” the order “mandates a complete overhaul of [LabMD Inc.’s] data-security program and says precious little about how this is to be accomplished” (LabMD Inc. v. Federal Trade Commission, No. 16-16270, 11th Cir., 2018 U.S. App. LEXIS 15229).

  • June 7, 2018

    JPMDL Centralizes Facebook Data-Sharing Suits In California Federal Court

    WASHINGTON, D.C. — A growing list of class actions against Facebook Inc. over the sharing of millions of social network users’ personal data by a third-party app developer will be centralized in California federal court, the U.S. Judicial Panel for Multidistrict Litigation (JPMDL) ruled June 6, granting a motion to transfer by two of the plaintiffs (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 2843, JPMDL).

  • June 5, 2018

    Majority Remands For In Camera Review Of Documents In Suit Against Nursing Home

    CLEVELAND — A Ohio appellate court majority on May 24 reversed a lower court’s ruling that denied a nursing home’s motion for a protective order and compelled it to provide discovery of records pertaining to a nonparty nursing home resident who allegedly fatally assaulted another resident, remanding for an in camera review of the documents to determine whether they are undiscoverable (David Howell, Jr. v. Park East Care & Rehabilitation, et al., No. 106041, Ohio App., 8th Dist., 2018 Ohio App. LEXIS 2225).

  • June 4, 2018

    Consolidated Complaints Filed In Equifax Data Breach Lawsuit

    ATLANTA — Two weeks after consolidated class complaints were filed by consumer and small business (SB) classes in the consolidated multidistrict litigation over the massive 2017 Equifax Inc. data breach, a class of financial institutions (FIs) followed suit May 30, filing a consolidated complaint in Georgia federal court, accusing the credit-reporting giant of negligence and related claims (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • June 4, 2018

    Trump Campaign: Discovery Sought In DNC Hack Suit Is Groundless, Overbroad

    WASHINGTON, D.C. — Donald Trump’s presidential campaign and Republican strategist Roger Stone each filed briefs May 31, opposing a jurisdictional discovery request in a lawsuit over the 2016 hack of the Democratic National Committee’s (DNC’s) database, asserting that the discovery sought by the plaintiffs, whose personally identifiable information (PII) was stolen and posted online, is overbroad and untimely (Roy Cockrum, et al. v. Donald J. Trump For President Inc., et al., No. 1:17-cv-01370, D. D.C.).

  • June 1, 2018

    Privacy Class Claims Against Employer, Fingerprint Scanner Company Survive Dismissal

    CHICAGO — Class claims by an employee challenging the collection and storage of fingerprint scans may proceed against the company that employed her and the third-party scanner provider, an Illinois federal judge ruled May 31 (Cynthia Dixon v. The Washington and Jane Smith Community – Beverly, et al., No. 17-8033, N.D. Ill., 2018 U.S. Dist. LEXIS 90344).

  • May 31, 2018

    Citing Settlement, Florida Federal Judge Closes Wendy’s Data Breach Class Action

    ORLANDO, Fla. — In light of an announced “agreement in principle” between Wendy’s International LLC and a group of customers who claim that their payment card data (PCD) was compromised in a breach of the fast food chain’s payment system, a Florida federal judge on May 25 administratively closed a putative negligence class action to allow the parties to finalize terms of their settlement (Christine Jackson, et al. v. Wendy’s International LLC, No. 6:16-cv-00210, M.D. Fla.).