ERIE, Pa. — A second expert report filed by the lead plaintiffs in a proposed class action over spying software when they filed their reply brief in support of their renewed motion for class certification was filed too late, a Pennsylvania federal magistrate judge ruled March 22, striking the new report (Crystal Byrd, et al. v. Aaron’s, Inc., et al., No. 11-101, W.D. Pa., 2017 U.S. Dist. LEXIS 41030).
NEWARK, N.J. — An owner of smart TVs made by Samsung Electronics America Inc. filed a putative class complaint against the manufacturer in New Jersey federal court March 10, alleging that consumers’ private conversations were secretly recorded and intercepted, in violation of the New Jersey Consumer Fraud Act (CFA) and federal privacy laws (Joshua Siegel v. Samsung Electronics America Inc., No. 2:17-cv-01687, D. N.J.).
SAN FRANCISCO — Researchers, civil rights organizations and physicians on March 16 filed amicus curiae briefs in the Ninth Circuit U.S. Court of Appeals supporting a trial court’s preliminary injunction ordering the redaction of individuals’ personally identifiable information (PII) from responsive documents in an anti-abortion advocate’s public records request related to fetal tissue research (Jane Does 1-10, et al. v. David Daleiden, et al., No. 16-36038, 9th Cir.).
By Eileen Garczynski, Ames & Gough and Syed Ahmad, Hunton & Williams LLP
ATLANTA — A federal court in Georgia on March 20 entered judgment in favor of an insurer on an insured’s breach of contract and bad faith claims four days after a judge found that the insured’s losses arising from a 2014 hacking incident of its payment-card reloading system did not trigger coverage under the insurance policy’s computer fraud provision (InComm Holdings Inc., et al. v. Great American Insurance Co., No. 15-02671, N.D. Ga., 2017 U.S. Dist. LEXIS 38132).
SAN JOSE, Calif. — In a March 15 order, a California federal judge denied preliminary approval of a proposed settlement of a class action over Google Inc.’s practice of scanning emails of non-Gmail users, faulting the lack of clear notice and disclosures in the settlement and finding it unclear that the settlement is “fundamentally fair, adequate, and reasonable” (Daniel Matera, et al. v. Google Inc., No. 5:15-cv-04062, N.D. Calif., 2017 U.S. Dist. LEXIS 37370).
SAN FRANCISCO — In a March 15 press release, the U.S. Department of Justice announced that a California federal grand jury has indicted four individuals for computer fraud, trade secret theft and related charges in connection with the recently announced breaches of Yahoo Inc.’s network, including two officers in Russia’s Federal Security Service (FSB) (United States of America v. Dimitry Dokuchaev, et al., No. 17-278, N.D. Calif.).
SEATTLE — A Washington federal judge on March 10 denied a motion to dismiss filed by Costco Wholesale Corp. in a class complaint accusing the retailer of violating the Fair Credit Reporting Act (FCRA) by failing to provide a full and correct disclosure when requesting authorization to conduct background checks of job applicants (Julius Terrell v. Costco Wholesale Corp., No. 16-1415, W.D. Wash., 2017 U.S. Dist. LEXIS 34821).
CHICAGO — A sex toy maker accused of wrongfully collecting highly sensitive personal information about its consumers’ usage of its products seeks to settle a class complaint for approximately $3.75 million, the plaintiffs state in a motion for preliminary approval of the class action settlement filed March 9 in an Illinois federal court (N.P., et al. v. Standard Innovation [US], Corp., d/b/a We-Vibe, No. 16-8655, N.D. Ill.).
ATLANTA — A putative class of banks and financial institutions (FIs) on March 8 filed an unopposed proposed settlement of their claims against The Home Depot Inc. arising from a 2014 data breach, asking a Georgia federal court to approve the $27.2 million settlement that they state was the result of good-faith arm’s-length negotiations with the retailer (In re: The Home Depot Inc., Customer Data Security Breach Litigation, No. 1:14-md-02583, N.D. Ga.).
WASHINGTON, D.C.— Noting purportedly classified documents regarding the Central Intelligence Agency’s surveillance activities, which were released in “document dumps” by WikiLeaks, the plaintiffs in two lawsuits over similar activities by the National Security Agency (NSA) on March 8 moved for an emergency status conference in District of Columbia federal court to address the intelligence community’s continuing violations and to initiate discovery proceedings so the four-year-old lawsuits can move forward (Larry Elliott Klayman, et al. v. Barack Obama, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C.).
COLUMBUS, Ohio — In a March 2 motion in Ohio federal court, Nationwide Mutual Insurance Co. requests reconsideration of an earlier ruling declining to stay discovery in a pair of class actions over a 2012 data breach, arguing that the claims under the Fair Credit Reporting Act (FCRA) will likely be dismissed and calling the plaintiffs’ discovery requests broad and burdensome (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, and Anthony Hancox, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00257, S.D. Ohio).
BENTONVILLE, Ark. — In an Arkansas judge’s March 6 order, it was disclosed that Amazon.com Inc. submitted to law enforcement the recordings from an Amazon Echo device belonging to a murder defendant in compliance with a police warrant that Amazon previously sought to quash under privacy and free speech concerns (State of Arkansas v. James A. Bates, No. CR-2016-370-2, Ark. Cir., Benton Co.).
CHICAGO — In an amicus curiae brief filed Feb. 28 in the Seventh Circuit U.S. Court of Appeals, two nonprofit public advocacy groups argue that smart electric meters installed in an Illinois city present concerns under the Fourth Amendment to the U.S. Constitution because of the volume and specificity of information collected about customers’ in-home activities (Naperville Smart Meter Awareness v. City of Naperville, No. 16-3766, 7th Cir.).
SANTA ANA, Calif. — Finding that Vizio Inc. qualifies as a “video tape service provider” under the Video Privacy Protection Act (VPPA), a California federal judge on March 2 denied dismissal of a putative class claim under the statute for the purported disclosure of consumers’ personally identifiable information (PII) via the firm’s smart TVs (In Re: Vizio, Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).
SAN FRANCISCO — Government agencies’ “[e]mployees’ communications about official agency business may be subject to” disclosure under the California Public Records Act (CPRA) even if they were sent or received via personal email or phone accounts, the California Supreme Court ruled March 2, reversing and remanding an appeals court’s decision (City of San Jose, et al. v. The Superior Court of Santa Clara County and Ted Smith, No. S218066, Calif. Sup., 2017 Cal. LEXIS 1607).
CHICAGO — The city of Chicago on Feb. 28 asked an Illinois federal court to quash some of the discovery requests served on it by a newspaper alleged to have violated the Driver's Privacy Protection Act (DPPA), arguing that some of the documents are protected by an earlier court order and the attorney-client privilege (Scott Dahlstrom, et al. v. Sun-Times Media LLC, No. 1:12-cv-00658, N.D. Ill.).
OAKLAND, Calif. — In a March 1 motion in California federal court, the plaintiffs in a class action accusing Facebook Inc. of privacy violations in its scanning of users’ private messages (PMs) seek preliminary approval of a settlement with the social network, noting changes that Facebook has made to its allegedly illegal practices (Matthew Campbell, et al. v. Facebook Inc., No. 4:13-cv-05996, N.D. Calif.).
CHICAGO — An Illinois federal judge on Feb. 27 denied a motion by Google Inc. to dismiss two putative class complaints alleging that it violated Illinois’ Biometric Information Privacy Act (BIPA) via facial recognition capability in its “Google Photos” feature, with the judge finding that the plaintiffs sufficiently alleged that Google collected their “biometric identifiers” (Lindabeth Rivera v. Google Inc., No. 1:16-cv-02714, and Joseph Weiss v. Google Inc., No. 1:16-cv-02870, N.D. Ill., 2017 U.S. Dist. LEXIS 27276).
ATLANTA — Arby’s Restaurant Group Inc., a fast food chain, failed to take reasonable measures to protect customer data, a Montana federal credit union claims in its Feb. 27 class complaint filed in the U.S. District Court for the Northern District of Georgia (Valley Federal Credit Union of Montana, et al. v. Arby’s Restaurant Group, Inc., No. 17-715, N.D. Ga.).