ATLANTA — An en banc 11th Circuit U.S. Court of Appeals will rehear the appeal of a $6.3 million settlement by Godiva Chocolatier Inc. to end class claims that it violated the Fair Credit Reporting Act (FCRA) by printing more than five digits of credit card numbers on receipts, a majority of the 11th Circuit ruled Oct. 4 (James H. Price, et al. v. Godiva Chocolatier, Inc., No. 16-16486, 11th Cir., 2019 U.S. App. LEXIS 30027).
ERIE, Pa. — On Oct. 4, a Wyoming couple who sued a rent-to-own (RTO) franchisor and franchisee over the installation of spyware on their laptop jointly filed a brief with the franchisor, with whom they recently settled their claims, opposing the franchisee’s motion to compel production of the confidential settlement agreement, asserting that a settlement is irrelevant to any remaining claims and defenses in the case (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — A class suing Facebook Inc. for violating an Illinois privacy law with its “tag suggestions” photo-tagging feature filed a brief on Oct. 1 asking the Ninth Circuit U.S. Court of Appeals to deny the social network’s petition to rehear en banc a panel’s affirming a trial court’s certification of the class, arguing that the ruling did not create any splits and did not invoke any questions of exceptional importance (In re Facebook Biometric Information Privacy Litigation, No. 18-15982, 9th Cir.).
WASHINGTON, D.C. — A District of Columbia Circuit U.S. Court of Appeals panel correctly reversed the dismissal of its privacy and negligence claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach, a plaintiff labor union and a group of government employees assert in a Sept. 30 brief opposing the agency’s motion for rehearing, arguing that the appeals court correctly found that the plaintiffs have standing to sue based on identity theft and fraud that they have already experienced as a result of their personally identifiable information (PII) being stolen in the breach (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).
ANCHORAGE, Alaska — An Alaska federal judge on Oct. 1 denied a petition for a writ of habeas corpus filed by a man convicted of murdering his ex-girlfriend, finding that he is not entitled to relief on the ground that the state trial court erred by not holding a hearing under Daubert v. Merrell Dow Pharmaceuticals Inc., 509 U.S. 579 (1993), to review an expert’s cell phone tower testimony (Bukurim Miftari v. Earl Houser, No. 3:19-cv-00091, D. Alaska, 2019 U.S. Dist. LEXIS 170018).
WASHINGTON, D.C. — The U.S. Judicial Panel on Multidistrict Litigation (JPMDL) issued a transfer order on Oct. 2, centralizing 21 class actions over the recently announced data breach experienced by Capital One Financial Corp. in Virginia federal court (In re Capital One Customer Data Security Breach Litigation, No. 2915, JPMDL).
GREENBELT, Md. — Marriott International Inc. filed a reply brief Sept. 27 supporting its motion to dismiss a Louisiana bank’s complaint, which is part of a multidistrict litigation over a data breach the hotel chain announced a year ago, telling a Maryland federal court that the bank’s negligence claims are precluded under the economic loss doctrine and arguing that recently submitted documents cast doubt upon the bank’s standing, thus necessitating discovery on the matter (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
PHILADELPHIA — A federal judge in Pennsylvania on Sept. 24 granted final approval to a data theft class settlement between an employer and its employees that will provide identity theft protection and monetary payments of up to $1,500 if the class members show their stolen data was used following the release of their W-2s by another employee (Tashica Fulton-Green, et al. v. Accolade, Inc., No. 18-274, E.D. Pa., 2019 U.S. Dist. LEXIS 164375).
SAN JOSE, Calif. — A federal judge in California on Sept. 25 ruled that lead plaintiffs in a consolidated securities class action against social media networking website Facebook Inc. and several of its senior executives failed to sufficiently plead an actionable misrepresentation or omission concerning 35 of 36 alleged misstatements in violation of federal securities laws made concerning the company’s privacy and data protection practices (In re Facebook Inc. Securities Litigation, No. 18-1725, N.D. Calif., 2019 U.S. Dist. LEXIS 166027).
MISSOULA, Mont. — A federal judge in Montana on Sept. 27 denied a man’s motion to suppress evidence taken from a compensation and pension (C&P) exam he underwent in order to determine the amount of disability benefits he could obtain from the Veteran Benefits Administration (VBA), finding that the admission of the information would not violate his right to due process under the Fourth Amendment to the U.S. Constitution (United States v. John Cicero Hughes, No. 18-38, 2019 U.S. Dist. LEXIS 167127).
KANSAS CITY, Kan. — Two weeks after a Kansas federal judge denied their motions to amend and reconsider a ruling allowing state residents’ privacy claims related to a voter data-sharing program to proceed, the Kansas secretary of State (KSOS) and his predecessor teamed up to file an answer to their complaint on Sept. 19, denying the constitutional and state law claims against them (Scott Moore, et al. v. Kris Kobach, et al., No. 2:18-cv-02329, D. Kan.).
RENO, Nev. — A Nevada federal judge on Sept. 19 preliminarily approved the settlement of a seven-year-old class action against online retailer Zappos.com Inc. over a 2012 data breach, under which the settlement class members will each receive a one-time discount code that they can use to make online purchases from Zappos (In Re Zappos.com Inc., Customer Data Security Breach Litigation, No. 3:12-cv-00325, D. Nev.).
ATLANTA — Two years after Home Depot Inc. and a class of financial institution (FI) plaintiffs reached a $25 million settlement over the home supply company’s 2014 data breach, the parties submitted filings in Georgia federal court on Sept. 23, disputing how the court’s previous attorney fees award is affected by an 11th Circuit U.S. Court of Appeals ruling that partly reversed it (In Re: The Home Depot Inc., Customer Data Security Breach Litigation, No. 1:14-md-02583, D. Ga.).
WASHINGTON, D.C. — With at least 61 lawsuits filed in the wake of the data breach announced by Capital One Financial Corp. in July, a health services company on Sept. 16 became the latest plaintiff to argue in favor of consolidation, telling the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) that a Virginia federal court is the most appropriate venue (In re: Capital One Consumer Data Security Breach Litigation, No. 2915, JPMDL).
PHILADELPHIA — A Pennsylvania county and its correctional facility, in two separate reply briefs filed Sept. 20, asked a federal judge in Pennsylvania to issue judgment as a matter of law, order a new trial or grant a motion for remittitur, following a May 28 jury verdict awarding what is estimated to equal $68 million to a class of inmates who sued over an online search tool that provided the public with their mugshots and arrest information (Daryoush Taha v. Bucks County, et al., No. 12-6867, E.D. Pa.).
LOS ANGELES— A minor California resident filed a first amended complaint (FAC) against Amazon.com Inc. in California federal court on Sept. 18, alleging violation of a state privacy law via the unauthorized recording of children’s voices through Amazon’s digital assistant Alexa (R.A. v. Amazon.com Inc., et al., No. 2:19-cv-06454, C.D. Calif.).
SAN FRANCISCO — The U.S. Chamber of Commerce was one of five amici curiae that filed briefs Sept. 16 supporting Facebook Inc.’s petition for rehearing, asking the Ninth Circuit U.S. Court of Appeals to reconsider a panel’s ruling that affirmed certification of a class seeking damages under the Illinois Biometric Information Privacy Act (BIPA), with the chamber arguing that certification was improper because the plaintiffs have not pleaded any harm from the social network’s use of facial recognition technology in its “Tag Suggestions” feature (In re Facebook Biometric Information Privacy Litigation, No. 18-15982, 9th Cir.).
NEWARK, N.J. — A customer of J. Crew Group Inc. who filed a putative class claim against the retailer for violation of the Fair and Accurate Credit Transactions Act (FACTA) saw his third amended complaint (TAC) dismissed without leave to amend on Sept. 10 by a New Jersey federal judge, who found that the plaintiff still failed to plead any injury from the retailer’s printing of too many credit card digits on his receipts that was sufficient to establish standing (Ahmed Kamal v. J. Crew Group Inc., et al., No. 2:15-cv-00190, D. N.J., 2019 U.S. Dist. LEXIS 153972).
ERIE, Pa. — Six days after a Wyoming couple announced their intention to dismiss Electronic Communications Privacy Act (ECPA) claims against a rent-to-own (RTO) franchisor over computer spyware, the plaintiffs and the franchisor on Sept. 16 jointly responded to an objection by a franchisee, who was not a party to the stipulation, telling a Pennsylvania federal court that there is “no live dispute” between them due to a confidential settlement (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — In a pair of motions filed Sept. 11, AT&T Inc. asks a California federal court to dismiss privacy claims over its purported sale of customers’ information to third parties for lack of jurisdiction and to compel arbitration of the plaintiffs’ claims per a provision in their customer agreements (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).