Mealey's Data Privacy
-
October 18, 2018
Anthem Settles With HHS Over Data Breach HIPAA Violations For $16 Million
WASHINGTON, D.C. — In an Oct. 15 press release, the U.S. Department of Health and Human Services (HHS) announced that it had reached a $16 million settlement with Anthem Inc. over Health Insurance Portability and Accountability Act (HIPAA) violations related to the health insurer’s 2015 data breach. The department said this was the largest such settlement to date.
-
October 18, 2018
Judge Won’t Stay Children’s Privacy Suit Against Viacom To Pursue Arbitration
SAN FRANCISCO — Viacom Inc. failed to establish that a customer who downloaded a children’s gaming app saw, let alone agreed to be bound by, an arbitration provision on its website, a California federal judge ruled Oct. 15, denying Viacom’s motion to stay a lawsuit alleging privacy violations in favor of arbitration (Amanda Rushing, et al. v. Viacom Inc., et al., No. 3:17-cv-04492, N.D. Calif., 2018 U.S. Dist. LEXIS 176988).
-
October 15, 2018
Jury Must Decide If Insurer Handled Yahoo Email Scanning Suits In Bad Faith
SAN JOSE, Calif. — A California federal judge on Oct. 12 held that issues of fact preclude summary judgment as to whether a commercial general liability insurer acted in bad faith in its claims handling of underlying class actions filed against Yahoo! Inc. over its practice of scanning the content of emails (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-00489, N.D. Calif., 2018 U.S. Dist. LEXIS 176115).
-
October 11, 2018
Google Hit With Class Action After Google Plus Data Leak Is Revealed
SAN JOSE, Calif. — The same day that Google Inc. announced that a data leak had compromised the personally identifiable information (PII) of up to 500,000 users of its Google Plus social network, the technology giant was named in a putative class complaint filed in California federal court Oct. 8, accusing it of unfair competition, invasion of privacy and negligence (Matt Matic, et al. v. Google Inc., et al., No. 5:18-cv-06164, N.D. Calif.).
-
October 10, 2018
Judge: Insurer Has No Duty To Defend Against Claims Arising From Data Breach
ORLANDO, Fla. — A Florida federal judge on Oct. 1 declared that a commercial general liability insurer has no duty to defend its cybersecurity provider insured against underlying personal injury claims arising from a credit card breach involving hotel customers (St. Paul Fire & Marine Insurance Co. v. Rosen Millennium Inc., No. 17-00540, M.D. Fla., 2018 U.S. Dist. LEXIS 173072).
-
October 9, 2018
DOJ Requests Discovery Extension In Twitter’s Suit Over Government Surveillance
OAKLAND, Calif. — In an Oct. 5 discovery status report and accompanying stipulation, the U.S. Department of Justice (DOJ) asks a California federal court to extend previously set discovery compliance dates in a lawsuit brought by Twitter Inc. over the Federal Bureau of Investigation’s domestic surveillance activities, citing the need to complete privilege logs to protect documents it says are classified (Twitter Inc. v. Jefferson B. Sessions III, et al., No. 4:14-cv-04480, N.D. Calif.).
-
October 5, 2018
Plaintiffs In Motel 6 Guest List Suit Seek More Time For Settlement
PHOENIX — Attorneys representing individuals who were arrested by U.S. Immigration and Customs Enforcement (ICE) agents after they allege that their personal information contained in guest lists was voluntarily turned over by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, moved Oct. 4 in an Arizona federal court for additional time to prepare class settlement documents (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).
-
October 4, 2018
Approval Sought For $17 Million Agreement In Vizio Smart TV Data Collection Suit
SANTA ANA, Calif. — The plaintiffs in a putative class action against Vizio Inc. filed a motion in California federal court Oct. 4 seeking preliminary approval of a $17 million settlement with the television manufacturer over its previous practice of collecting viewing data via its smart TVs (In Re: Vizio Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).
-
October 4, 2018
Airbnb, HomeAway Say New York Data-Sharing Ordinance Violates 4th Amendment, SCA
NEW YORK — Online home-sharing platform providers Airbnb Inc. and HomeAway.com Inc. filed briefs in New York federal court on Oct. 1 supporting their motions to enjoin enactment of a New York City ordinance requiring them to provide the city with certain information of rental property owners, which they say violates the Fourth Amendment to the U.S. Constitution and the Stored Communications Act (SCA) (Airbnb Inc. v. New York, No. 1:18-cv-07712, S.D. N.Y., and HomeAway.com Inc. v. New York, No. 1:18-cv-07742, S.D. N.Y.).
-
October 2, 2018
Facebook Announces Breach Affecting 50 Million Users, Gets Sued For Negligence
SAN FRANCISCO — The same day that Facebook Inc. announced a data breach affecting almost 50 million of its users’ accounts, two of the social network’s account holders on Sept. 28 filed a putative class action against it for unfair competition, negligence and deceit in California federal court (Carl Echavarria, et al. v. Facebook Inc., No. 3:18-cv-05982, N.D. Calif.).
-
October 1, 2018
Argument In Google Cy Pres Class Settlement Case Will Be Divided, High Court Says
WASHINGTON, D.C. — Three days after objectors to the cy pres settlement in a privacy class action against Google LLC filed a reply brief asking the U.S. Supreme Court to clarify the fairness of such settlements, the court in its Oct. 1 order list granted the respondents’ motion that the upcoming Oct. 31 oral arguments be divided (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
-
September 26, 2018
Class Action Over Smart Toy Maker’s Data Breach Settled, Dismissed
CHICAGO — An Illinois federal judge on Sept. 14 dismissed with prejudice a putative class action against smart toy maker VTech Electronics North America LLC over a 2015 data breach pursuant to a stipulation of dismissal jointly filed by the defendant and the plaintiffs (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill.).
-
September 26, 2018
Facebook Users Defend Privacy, Wiretap Claims From URL Collection To 9th Circuit
SAN FRANCISCO — Arguing that Facebook knowingly tracked their internet browsing, a group of the social network’s users tell the Ninth Circuit U.S. Court of Appeals in a Sept. 19 reply brief that Facebook’s use of persistent cookies constituted illegal wiretapping and an invasion of privacy in violation of federal and state laws (In re: Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir.).
-
September 26, 2018
3 Boston Hospitals Settle HHS HIPAA Charges For Almost $1 Million
WASHINGTON, D.C. — The U.S. Department of Health and Human Services (HHS) on Sept. 20 announced that it had reached settlements with three Boston hospitals that had been charged with violating the Health Insurance Portability and Accountability Act (HIPAA) in connection with the filming of a television show.
-
September 25, 2018
Consolidated Complaint Filed In Centralized Lawsuit Over Facebook Data Sharing
SAN FRANCISCO — Three and a half months after dozens of lawsuits against Facebook Inc. were centralized in California federal court, the plaintiffs on Sept. 21 filed a consolidated complaint against the social network alleging privacy violations, negligence and related claims for Facebook’s sharing of users’ personal information with a third-party consulting firm (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-2843, N.D. Calif.).
-
September 25, 2018
Dismissal Of Government Surveillance Suits Appealed To D.C. Circuit
WASHINGTON, D.C. — The plaintiff in three lawsuits over the National Security Agency’s domestic surveillance activities on Sept. 17 filed an appellant brief in the third suit in the District of Columbia Circuit U.S. Court of Appeals, arguing that a trial court improperly dismissed his claims under the Fourth Amendment to the U.S. Constitution without permitting discovery (Larry Klayman v. National Security Agency, et al., No. 18-5097, D.C. Cir.; and Larry Klayman, et al. v. Barack Obama, et al., Nos. 17-5281 and 17-5282, D.C. Cir.).
-
September 25, 2018
Financial Institutions Defend Negligence Claims In Equifax Data Breach Suit
ATLANTA — A group of banks and financial institution (FI) plaintiffs filed a brief Sept. 20 in Georgia federal court opposing Equifax’s motion to dismiss claims related to its 2017 data breach, arguing that they sufficiently alleged injuries related to the defendant’s failure to protect their members’ personally identifiable information (PII) (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
-
September 19, 2018
Settlement Denied, Class Decertified In Neiman Marcus Data Breach Suit
CHICAGO — An Illinois federal judge on Sept. 17 denied approval of a $1.2 million settlement by Neiman Marcus Group LLC in a data breach lawsuit without prejudice and decertified the settlement class, citing intraclass conflicts (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 14-1735, N.D. Ill., 2018 U.S. Dist. LEXIS 158250).
-
September 19, 2018
Altaba To Pay $47 Million In Settlement Of All Yahoo Data Breach Claims
WASHINGTON, D.C. — The rebranded Yahoo Inc. will pay approximately $47 million in a global settlement of all litigation arising from its historic data breach, the company said Sept. 17 in a filing with the Securities and Exchange Commission, which already fined the company $35 million for its handling of the breach.
-
September 13, 2018
Equifax Says Data Breach Plaintiffs Failed To Plead FCRA, Contract Claims
ATLANTA — In a Sept. 12 reply brief supporting its motion to dismiss a consolidated class action over its 2017 data breach, Equifax Inc. tells a Georgia federal court that a group of consumer plaintiffs did not plead necessary elements of their contract, negligence and Fair Credit Reporting Act (FCRA) claims, also asserting that a host of claims brought under other states’ laws cannot apply to conduct that occurred only in Georgia (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).