Mealey's Data Privacy

  • April 21, 2017

    Magistrate: Disclosure Of Foreigner-Stored Google Data Permissible Under SCA

    SAN FRANCISCO — In an April 19 ruling, a California federal magistrate judge denied Google Inc.’s motion to quash a warrant, issued under the Stored Communications Act (SCA), for foreign-stored data, concluding that the warrant on California-based Google constituted a domestic application of the statute that does not run afoul of the presumption against extraterritorial application of U.S. laws (In the Matter of the Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif., 2017 U.S. Dist. LEXIS 59990).

  • April 21, 2017

    Privacy Class Action Filed Over Medical App’s Health Information Sharing

    FORT LAUDERDALE, Fla. — A Utah woman filed a putative class complaint April 18 against the provider of a physician consultation smartphone app, telling a Florida federal court that the app shares users’ sensitive medical information with a third-party firm, breaching the app maker’s duty to keep this information confidential (Joan Richards v. MDLive Inc., No. 0:17-cv-60760, S.D. Fla.).

  • April 20, 2017

    ACLU, Government Argue Over Right To Access Surveillance Court Records

    WASHINGTON, D.C. — In an en banc proceeding concerning requests for unredacted access to certain opinions about the U.S. government’s bulk collection of citizens’ telecommunications metadata, the government and movants seeking the data’s release each filed briefs with the U.S. Foreign Intelligence Surveillance Court (FISC) on April 17, debating questions of constitutional rights and standing (In Re Opinions & Orders Issued By This Court Addressing Bulk Collection of Data Under Various Provisions of the Foreign Intelligence Surveillance Act, No. Misc. 13-08, FISC).

  • April 20, 2017

    Bose Sued For Collecting, Sharing User Data Via Wireless Headphone, Speaker App

    CHICAGO — Bose Corp. was hit with a putative eavesdropping class complaint in Illinois federal court April 18, when a customer alleged that the stereo equipment manufacturer has been collecting and sharing, via a smartphone application, records of its customers’ private music and audio selections (Kyle Zak v. Bose Corp., No. 1:17-cv-02928, N.D. Ill.).

  • April 20, 2017

    Waffle House Job Applicants Sue Over Background Reports

    ORLANDO, Fla. — Waffle House Inc. and WH Capital LLC (together, Waffle House) and other companies violated the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681, by obtaining and using information from background reports for job applicants without providing proper disclosures to the applicants before taking adverse actions against them by not hiring them, more than a dozen applicants allege in an April 17 class complaint filed in Florida federal court (Alex Holt, et al. v. Waffle House, Inc., et al., No. 17-693, M.D. Fla.).

  • April 11, 2017

    Government Says Discovery Conference Is Unnecessary In NSA Data-Collection Suit

    WASHINGTON, D.C. — Citing a pending motion to dismiss a suit over the data-collection practices of the National Security Agency (NSA), the federal government defendants tell a District of Columbia federal court in an April 10 brief that a discovery conference the plaintiffs seek to compel is “uncalled for” (Larry Elliott Klayman, et al. v. Donald J. Trump, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C.).

  • April 10, 2017

    Panel: AG Did Not Show Disclosure Of Study Members’ Names Is Not Embarrassing

    AUSTIN, Texas — The Texas attorney general (AG) did not establish that disclosing the names of participants of a university’s study, in response to an information request, would not prove embarrassing to those individuals, a Texas appeals panel ruled April 7, reversing a trial court’s ruling and remanding for a determination of applicable common-law privacy rights (The University of Texas System, et al. v. Ken Paxton, Attorney General of Texas, et al., No. 03-14-00801, Texas App., 3rd Dist., 2017 Tex. App. LEXIS 3043).

  • April 6, 2017

    New York High Court Deems Warrant Quash Denials On Facebook Nonappealable

    ALBANY, N.Y. — A New York Court of Appeals majority on April 4 upheld an appeals court’s ruling that Facebook Inc.’s motion to quash warrants seeking user information per the Stored Communications Act (SCA) was properly denied, finding that the order, which was in conjunction with a criminal investigation, was nonappealable (In the Matter of 381 Search Warrants Directed to Facebook Inc., No. 16, N.Y. App., 2017 N.Y. LEXIS 767).

  • April 6, 2017 Users, Viacom Argue Whether Information Collection Was An Intrusion

    NEWARK, N.J. — Viacom Inc. and putative class plaintiffs filed supplemental briefs related to a summary judgment motion in New Jersey federal court April 3, disputing whether information Viacom collected from minor website users was personally identifiable information (PII) and whether its collection constituted an intrusion upon seclusion (In Re:  Nickelodeon Consumer Privacy Litigation, No. 2:12-cv-07829, D. N.J.).

  • April 5, 2017

    Judge Finds Coke Had No Contractual Duty To Safeguard Employee Information

    PHILADELPHIA — Finding that The Coca-Cola Co. (Coke) had neither an express nor implied contractual duty to protect its employees’ personally identifiable information (PII), a Pennsylvania federal judge on March 31 granted summary judgment to the beverage company on a putative breach of contract class action related to the theft of laptops containing employee information (Shane K. Enslin v. The Coca-Cola Co., et al., No. 2:14-cv-06476, E.D. Pa., 2017 U.S. Dist. LEXIS 49920).

  • April 4, 2017

    Zappos Tells 9th Circuit Data Breach Class Claims Were Properly Dismissed

    SAN FRANCISCO — In an April 3 appellee brief in the Ninth Circuit U.S. Court of Appeals, online retailer Inc. argues that a trial court correctly dismissed some of the putative claims related to a 2012 data breach for lack of standing because the plaintiffs failed to establish any imminent, concrete harm attributable to the theft of their personally identifiable information (PII) (Theresa Stevens, et al. v Inc., No. 16-16860, 9th Cir.).

  • March 31, 2017

    Data-Collection Plaintiffs Seek To Compel NSA, DOJ To Confer On Discovery

    WASHINGTON, D.C. — The plaintiffs in a suit over the data-collection practices of the National Security Agency (NSA) assert in a March 27 motion in District of Columbia federal court that the government defendants have refused to participate in mandated discovery conferences, leading the plaintiffs to seek an order compelling compliance, as well as an order to show cause why sanctions should not be issued (Larry Elliott Klayman, et al. v. Barack Obama, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C.).

  • March 30, 2017

    University Students Seek Approval Of Settlement Of Records Theft Suit

    ROME, Ga. — The lead plaintiffs in a putative class action over records stolen from their former university on March 29 asked a Georgia federal court to preliminarily approve their settlement of their negligence claims with the university in exchange for payments of costs, fees, incentive awards and reimbursements, potentially exceeding $200,000 (Erin Bishop, et al. v. Shorter University Inc., No. 4:15-cv-00033, N.D. Ga.).

  • March 29, 2017

    House Votes To Repeal FCC’s Internet Privacy Order

    WASHINGTON, D.C. — The U.S. House of Representatives on March 28 voted to approve Senate Joint Resolution (S.J. Res.) 34, which rolls back a 2016 Federal Communications Commission order that limited how internet service providers (ISPs) can use their customers’ private information.

  • March 29, 2017

    Experian Data Breach Plaintiffs Seek Discovery Of Security Vendor’s Documents

    SANTA ANA, Calif. — In a March 25 motion, the plaintiffs in a putative class action over a 2015 data breach experienced by Experian Information Solutions Inc. asked a California federal court to compel production of post-breach investigative documents by a security vendor, disputing the defendant’s claim that the documents are shielded by attorney-client privilege (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).

  • March 28, 2017

    9th Circuit Hears Arguments On Constitutionality Of NSL Statute Gag Orders

    SAN FRANCISCO — The U.S. government and two electronic service providers participated in oral arguments before the Ninth Circuit U.S. Court of Appeals March 22, debating whether gag orders issued with national security letters (NSLs) by the Federal Bureau of Investigation seeking subscriber information violate the First Amendment to the U.S. Constitution (In re:  National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).

  • March 28, 2017

    Consumer Plaintiffs Defend Class Representation In Target Data Breach Suit

    MINNEAPOLIS — In the wake of the Eighth Circuit U.S. Court of Appeals’ rejection and remand of a proposed settlement between Target Corp. and a class of consumers whose personally identifiable information (PII) was compromised in 2013 data breaches, the consumers on March 27 filed a memorandum in Minnesota federal court supporting a newly filed motion for class certification and defending the adequacy of their class representation (In re:  Target Corporation Customer Data Security Breach Litigation, No. 14-2522, D. Minn.).

  • March 24, 2017

    New Expert Report In Spying Software Suit Struck, Deemed To Be Too Late

    ERIE, Pa. — A second expert report filed by the lead plaintiffs in a proposed class action over spying software when they filed their reply brief in support of their renewed motion for class certification was filed too late, a Pennsylvania federal magistrate judge ruled March 22, striking the new report (Crystal Byrd, et al. v. Aaron’s, Inc., et al., No. 11-101, W.D. Pa., 2017 U.S. Dist. LEXIS 41030).

  • March 22, 2017

    Samsung Hit With Class Complaint Over Smart TV Eavesdropping

    NEWARK, N.J.  — An owner of smart TVs made by Samsung Electronics America Inc. filed a putative class complaint against the manufacturer in New Jersey federal court March 10, alleging that consumers’ private conversations were secretly recorded and intercepted, in violation of the New Jersey Consumer Fraud Act (CFA) and federal privacy laws (Joshua Siegel v. Samsung Electronics America Inc., No. 2:17-cv-01687, D. N.J.).

  • March 22, 2017

    Amici To 9th Circuit: Personal Info Should Be Redacted From Fetal Tissue Records

    SAN FRANCISCO — Researchers, civil rights organizations and physicians on March 16 filed amicus curiae briefs in the Ninth Circuit U.S. Court of Appeals supporting a trial court’s preliminary injunction ordering the redaction of individuals’ personally identifiable information (PII) from responsive documents in an anti-abortion advocate’s public records request related to fetal tissue research (Jane Does 1-10, et al. v. David Daleiden, et al., No. 16-36038, 9th Cir.).