OAKLAND, Calif. — In a June 21 order to show cause (OSC), a California federal judge reports that newly submitted evidence from the federal government has likely convinced her to reverse a two-year old ruling in which she declined to dismiss constitutional challenges to the Foreign Intelligence Surveillance Act (FISA) and the Espionage Act by Twitter Inc. in connection with a gag order forbidding the social network from reporting on its mandated participation in government surveillance activities (Twitter Inc. v. William P. Barr, et al., No. 4:14-cv-04480, N.D. Calif.).
WASHINGTON, D.C. — In a June 21 per curiam majority opinion, the District of Columbia Circuit U.S. Court of Appeals found that a labor union sufficiently alleged class claims against The U.S. Office of Personnel Management (OPM) and a contractor under the Privacy Act of 1974 related to a 2015 data breach, partly reversing a trial court’s dismissal of the consolidated lawsuit (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 17-5217 & 17-5232, D.C. Cir., 2019 U.S. App. LEXIS 18609).
ATLANTA — The state of Georgia, the American Civil Liberties Union and a man convicted of vehicular homicide presented arguments to the Georgia Supreme Court on June 19 as to whether data related to a car’s air bag deployment, and related information, was properly downloaded by law enforcement investigating a deadly car crash prior to obtaining a warrant, or whether these actions violated the Fourth Amendment to the U.S. Constitution (Victor Mobley v. The State, No. S18G1546, Ga. Sup.).
DENVER — A Colorado federal judge on June 19 granted preliminary approval to a settlement of class claims over a 2017 data breach experienced by against Chipotle Mexican Grill Inc., with the burrito chain agreeing to pay claims of affected customers without an aggregated cap (Todd Gordon, et al. v. Chipotle Mexican Grill Inc., No. 1:17-cv-01415, D. Colo., 2019 U.S. Dist. LEXIS 102304).
NEWARK, N.J. — In a June 11 motion to dismiss, J. Crew Group Inc. says that a customer’s recently filed third amended complaint (TAC) fails to support his claim under the Fair and Accurate Credit Transactions Act (FACTA) for purportedly printing noncompliant receipts, arguing that the man pleads no new facts to support his twice-dismissed claims of an increased risk of identity theft (Ahmed Kamal v. J. Crew Group Inc., et al., No. 2:15-cv-00190, D. N.J.).
CHICAGO — Employees of two airlines challenging the collection of their biometric data via systems tracking their work time must take their disputes before an adjustment board pursuant to the Railway Labor Act (RLA), a Seventh Circuit U.S. Court of Appeals panel ruled June 13 (Jennifer Miller, et al. v. Southwest Airlines Co., No. 18-3476, David Johnson, et al. v. United Airlines, Inc., et al., No. 19-1785, 7th Cir., 2019 U.S. App. LEXIS 17803).
SAN FRANCISCO — Finding that the record established that Facebook Inc. did not use its facial recognition technology in the photo-uploading incident at the heart of a putative class action, a Ninth Circuit U.S. Court of Appeals panel on June 14 affirmed judgment in the social network’s favor on a man’s claim that it violated an Illinois biometric privacy statute (Frederick William Gullen v. Facebook Inc., No. 18-15785, 9th Cir., 2019 U.S. App. LEXIS 17969).
CHICAGO — Nine months after a judge declined to approve a previously proposed settlement between the Neiman Marcus Group LLC and a group of customers over a 2013 data breach, the parties filed a status report on June 12, informing an Illinois federal court that they had reached a new settlement (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
SEATTLE — In a putative class complaint filed June 11 in Washington federal court, Amazon.com Inc. was accused of violating eight states’ wiretap statutes by recording and storing the voices of minors without consent or notice via the “Alexa” digital assistant (C.O. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
NEW YORK — Several surveillance program documents withheld by government agencies in response to Freedom of Information Act (FOIA) requests by the American Civil Liberties Union were properly found to be classified or privileged, a Second Circuit U.S. Court of Appeals panel found May 30, affirming a trial court’s ruling and taking the opportunity to clarify some exemptions to the FOIA, 5 U.S.C. § 552 (American Civil Liberties Union, et al. v. National Security Agency, et al., No. 17-3399, 2nd Cir., 2019 U.S. App. LEXIS 16122).
NEWARK, N.J. — Three days after Quest Diagnostics Inc. announced that a breach of a billing vendor’s system had exposed patient information, a negligence class complaint was filed against the nationwide medical testing firm in New Jersey federal court, seeking monetary damages and security system improvements (Francis Carbonneau v. Quest Diagnostics Inc., et al., No. 2:19-cv-13472, D. N.J.).
WASHINGTON, D.C. — Overruling objections raised by a class of consumer plaintiffs, the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) on June 5 consolidated two putative class actions filed by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp. with those previously filed by consumer plaintiffs against the fast food chain, transferring the FI’s suits to Ohio federal court (In re: Sonic Corp. Customer Data Security Breach, No. 2807, JPMDL).
WEST PALM BEACH, Fla. — A Florida federal judge on May 30 held that coverage for an underlying $60,413,112 consent judgment entered against an insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy’s “invasion of privacy” exclusion, finding that the alleged TCPA violations arise ou tof an invasion of privacy (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No.18-80762, S.D. Fla., 2019 U.S. Dist. LEXIS 90194).
SANTA ANA, Calif. — With a California couple’s June 3 complaint against First American Title Co. in California federal court, six putative class actions have now been filed in the wake of the recent revelation of purported lapses in protecting customer data by the leading title insurance company (Antonio Barajas, et al. v. First American Financial Corp., et al., No. 8:19-cv-01078, C.D. Calif.).
SAN FRANCISCO — In supplemental briefs filed May 29 at the direction of the Ninth Circuit U.S. Court of Appeals, Facebook Inc. and an objector to the underlying settlement of a class action over the social network’s now-discontinued practice of scanning users’ private messages (PMs), argue that subsequent U.S. Supreme Court rulings make it clear that the plaintiffs never properly established standing to bring their privacy claims against Facebook under Article III of the U.S. Constitution (Matthew Campbell, et al. v. Facebook Inc., et al., No. 17-16873, 9th Cir.).
SANTA ANA, Calif. — A California appeals panel on May 31 affirmed a lower court's finding that coverage is owed for claims that an insured violated California Penal Code Section 632 by improperly recording a private interview without her knowledge and published it to third parties, rejecting an insurer’s argument that coverage is excluded under a commercial general liability insurance policy’s criminal acts exclusion (Nautilus Insurance Company v. Monique Mingione, No. G055914, Calif. App., 4th Dist., Div. 3, 2019 Cal. App. Unpub. LEXIS 3759).
BOSTON — A federal judge in Massachusetts on May 24 dismissed with prejudice putative class claims brought by former students of a Massachusetts college that abruptly closed its doors at the end of the 2018 academic year after a failed merger, finding that the students failed to sufficiently allege their privacy, breach of contract and other claims and that no opportunity to amend would be given (Tristan Squeri, et al. v. Mount Ida College, et al., No. 18-12438, D. Mass., 2019 U.S. Dist. LEXIS 88273).
SANTA ANA, Calif. — A week after a California federal judge granted final approval to the settlement of a class action over a 2015 data breach experienced by Experian Information Solutions Inc., the class on May 16 filed a proposed judgment releasing all claims against Experian and addressing the judge’s concerns that a previously submitted judgment was overly broad (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).
OAKLAND, Calif. — Finding that certain date and time data collected by a sex toy app constituted record information, rather than the contents of a communication, a California federal judge on May 15 dismissed in part claims against a “sextech” company under the Wiretap Act, while holding that “vibration intensity” data, which was allegedly collected without user consent, qualified as communications and could support a claim under the statute (S.D. v. Hytto Ltd., No. 4:18-cv-00688, N.D. Calif.).
KANSAS CITY, Mo. — A hospital’s motion to dismiss putative class claims over the unintentional disclosure of patients’ protected health information (PHI) was partly granted May 16, when a Missouri federal judge found that the lead plaintiff did not establish the existence of a contract that was breached by the data disclosure (K.A. v. Children’s Mercy Hospital, No. 4:18-cv-00514, W.D. Mo., 2019 U.S. Dist. LEXIS 82725).