Mealey's Data Privacy

  • July 02, 2020

    Banks’ Negligence Claim Over Sonic Data Breach Survives Dismissal

    CLEVELAND — Partly denying a motion to dismiss putative class claims brought by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp., an Ohio federal judge on July 1 found that the FIs sufficiently alleged that the fast food chain acted affirmatively in not updating the data security systems for the franchises that were affected by the breach (In re:  Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio, 2020 U.S. Dist. LEXIS 114891).

  • July 01, 2020

    Kentucky Federal Judge Dismisses Suit Over Theft Of Employees’ Personal Data

    COVINGTON, Ky. — A federal judge in Kentucky on June 26 dismissed two class claims under the Fair Credit Reporting Act (FCRA) brought against employers by employees after their personal information was stolen, finding that the employers are not consumer reporting agencies (CRAs), and declined to exercise supplemental jurisdiction over state law claims (Keram J. Christensen, et al. v. Saint Elizabeth Medical Center, Inc., et al., No. 19-43, E.D. Ky., 2020 U.S. Dist. LEXIS 112353).

  • July 01, 2020

    Georgia Hospital Employees Allege COVID-19 Testing Manipulation, Seek TRO

    LAWRENCEVILLE, Ga. — An Athens, Ga., hospital is manipulating COVID-19 tests to obtain “false negative” results to keep space for new admissions and avoid negative publicity and oversight, four current and former employees allege in an amended petition for an emergency temporary restraining order (TRO) and interlocutory injunction filed June 22 in a Georgia state court (Jane Doe 1, et al. v. Landmark Hospital of Athens, LLC, No. 20-A-04131-3, Ga. Super., Gwinnett Co.).

  • June 30, 2020

    Analytics Firm Opposes LinkedIn’s Certiorari Bid, Defends Antitrust Claims

    WASHINGTON, D.C. — The collection of publicly available data from a website does not violate the Computer Fraud and Abuse Act (CFAA), a data analytics firm tells the U.S. Supreme Court in a June 25 brief opposing LinkedIn Corp.’s petition for certiorari over an injunction preventing the professional network operator from blocking such data collection (LinkedIn Corp. v. hiQ Labs Inc., No. 19-1116, U.S. Sup.).

  • June 25, 2020

    New Jersey High Court: Bathroom Spycam Plaintiffs Did Not Establish Recording

    TRENTON, N.J. — Although the New Jersey Supreme Court found that women suing over a janitor’s use of hidden cameras were not required to provide proof that they were actually filmed to support a claim for intrusion on seclusion, the state high court on June 16 ruled that they failed to provide sufficient evidence to establish a reasonable inference that they used the particular bathrooms where the filming occurred (Jaime Friedman, et al. v. Teodoro Martinez, et al., No. A-37/81, N.J. Sup., 2020 N.J. LEXIS 678).

  • June 24, 2020

    Insurer Seeks Protective Order From Officer’s Deposition In Data Breach Suit

    ROCHESTER, N.Y. — A health insurance provider that has been sued by a group of its policyholders over a 2013 data breach moved for a protective order in New York federal court on June 16, seeking to prevent the plaintiffs from deposing its chief information officer (CIO) for a third time (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y.).

  • June 24, 2020

    9th Circuit Won’t Rehear Privacy, Wiretap Claims Over Facebook’s Internet Tracking

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel’s reversal of the dismissal of some privacy and intrusion class claims against Facebook Inc. will stand, the panel decided June 23 as it denied the social network’s petition for rehearing in a lawsuit over Facebook’s tracking of users’ internet activity after they have logged out of their account (In re:  Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir.).

  • June 23, 2020

    Personal Data Is Not A ‘Plan Asset,’ Fidelity Says In Bid To Toss ERISA Claims

    GALVESTON, Texas — In a June 15 motion to exit a dispute over the management of an ERISA-governed plan for Shell Oil Co. employees, a group of Fidelity-related companies argue that claims that it violated fiduciary duties and committed prohibited transactions as the plan’s record-keeper by marketing product to participants rest on the “faulty premise” that participants’ personal data is a plan asset (Charles Harmon v. Shell Oil Co., No. 3:20cv21, S.D. Texas).

  • June 23, 2020

    Comcast, Customer Debate Arbitration Clause In 9th Circuit Privacy Lawsuit

    PORTLAND, Ore. — In a June 18 brief responding to citation of additional authority by a subscriber who alleges privacy violations against it, Comcast Cable Communications LLC tells the Ninth Circuit U.S. Court of Appeals that a recent ruling regarding the so-called McGill rule related to contractual arbitration provisions does not support a trial court’s finding that the company’s arbitration requirement for customer disputes was invalid (Brandon Hodges v. Comcast Cable Communications LLC, No. 19-16483, 9th Cir.).

  • June 19, 2020

    FDIC Seeks Reconsideration Of Privilege Ruling In Capital One Data Breach Suit

    ALEXANDRIA, Va. — The Federal Deposit Insurance Corp. on June 16 asked a Virginia federal court to reconsider a ruling in which it denied the agency’s motion to intervene in a discovery matter in a multidistrict litigation over a 2019 data breach experienced by Capital One Financial Corp., contending that it is entitled to defend as privileged certain documents requested by the plaintiffs (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).

  • June 18, 2020

    Magistrate Finds Attorney Fees Not Merited In FOIA Suit Over Facebook Reports

    WASHINGTON, D.C. — A civil liberties organization that sued the Federal Trade Commission under the Freedom of Information Act (FOIA) regarding documents filed with the commission by Facebook Inc. over its data privacy practices received an unfavorable ruling in its quest for attorney fees on June 16 by a District of Columbia federal magistrate judge, who opined in a report and recommendation that the plaintiff did not establish entitlement to fees under the catalyst theory of causation (Electronic Privacy Information Center v. Federal Trade Commission, No. 1:18-cv-00942, D. D.C.).

  • June 15, 2020

    Airbnb Announces Revised Record Submission Law, Settlement With New York

    NEW YORK — An enjoined New York City ordinance that required online home-sharing platform operators to submit certain homeowner data to the city will be revised in accordance with the city’s settlement of a lawsuit filed by Airbnb Inc. under the Fourth Amendment to the U.S. Constitution, the parties reported in a June 12 letter motion seeking a stay of proceedings in New York federal court (Airbnb Inc. v.  New York, No. 1:18-cv-07712; HomeAway.com Inc. v.  New York, No. 1:18-cv-07742, S.D. N.Y.).

  • June 15, 2020

    Banks’ $5.5 Million Settlement Over Equifax Data Breach Preliminarily Approved

    ATLANTA — Three weeks after a group of financial institutions (FIs) announced a $5.5 million settlement with Equifax Inc. over the credit-reporting giant’s 2017 data breach, a Georgia federal judge on June 4 granted preliminary approval to the agreement as being “fair, reasonable, and adequate” and greenlighting the class notification program (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-02800, N.D. Ga.).

  • June 12, 2020

    Facebook Needn’t Produce Full Messenger Source Code In Data-Scraping Suit

    SAN FRANCISCO — A discovery request for all source code related to Facebook Inc.’s Messenger app was deemed too broad by a California federal magistrate judge, who on June 11 instead directed the social network to just submit source code related to the app’s features at issue in the privacy and data access claims over data-scraping activities carried out by the app (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).

  • June 09, 2020

    1st Circuit:  Call Interception Violation Under Wiretap Act Must Be Intentional

    BOSTON— Affirming a trial court’s ruling that reversed the quashing of a subpoena for recordings of an employee’s phone calls, a First Circuit U.S. Court of Appeals panel on June 5 found that the calls were recorded unintentionally and thus did not run afoul of the prohibitions of the Federal Wiretap Act (In re HIPAA Subpoena, No. 19-1424, 1st Cir.).

  • June 09, 2020

    Coverage Not Barred By Invasion Of Privacy Exclusion, Assignee Says To 11th Circuit

    ATLANTA — An insured’s assignee recently asked the 11th Circuit U.S. Court of Appeals to reverse a federal district court’s finding that coverage for an underlying $60,413,112 consent judgment entered against the insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy's “invasion of privacy” exclusion (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No. 19-12525, 11th Cir.).

  • June 08, 2020

    Judge:  Defendants In Remanded Google Referrer Header Suit Have Standing

    SAN JOSE, Calif. — One day after a hearing in a remanded privacy suit against Google LLC, a California federal judge on June 5 determined that the plaintiffs sufficiently established their standing under Article III of the U.S. Constitution to allege violations of the Stored Communications Act (SCA) by Google’s purported sharing of their search query terms with third-party website operators (In re:  Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif., 2020 U.S. Dist. LEXIS 99291).

  • June 05, 2020

    Class Complaint Filed Over Breach Of Wishbone App’s Database

    LOS ANGELES — A former user of the Wishbone app filed a putative class action against the app’s maker in California federal court on June 1, alleging negligence and unfair competition over Mammoth Media Inc.’s purported inadequate security practices, which, he claims, led to a recently announced data breach that resulted in the theft of nearly 40 million users’ personally identifiable information (PII) (Connor Burns v. Mammoth Media Inc., No. 2:20-cv-04855, C.D. Calif.).

  • June 03, 2020

    Google Sued For Tracking Users While In ‘Private Browsing Mode’

    SAN JOSE, Calif. — In a putative class complaint filed June 2 in California federal court, three Google LLC subscribers assert that the technology firm continuously tracks and collects users’ web-browsing information despite their use of “private browsing mode” (Charles Brown, et al. v. Google LLC, et al., No. 5:20-cv-03664, N.D. Calif.).

  • June 02, 2020

    Illinois Man Denied Motion To Intervene In 6 New York Biometric Privacy Suits

    NEW YORK — An Illinois resident who filed the first of several biometric privacy suits over Clearview AI Inc.’s creation of a facial scan database failed in his bid to intervene in six putative class actions against the tech firm in New York federal court on May 29, as a New York federal judge deemed intervention in the noncertified putative class actions “not justified on either mandatory or permissive grounds” due to the movant’s lack of cognizable interest (Mario Calderon, et al. v. Clearview AI Inc., No. 1:20-cv-01296, S.D. N.Y., 2020 U.S. Dist. LEXIS 94926).