LOS ANGELES — A restaurant and a private citizen who sued the health officer for Los Angeles County over a contact tracing order that was enacted for the purpose of combatting COVID-19 saw their complaint alleging constitutional violations dismissed on Nov. 16 by a California federal judge, who found that the plaintiffs did not establish standing to bring their claims (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).
SAN DIEGO — Three consumers who claim that their protected health information (PHI) was compromised by a billing services provider’s lax data security sufficiently pleaded most of their putative class privacy claims, a California federal judge ruled Nov. 19, largely denying the company’s motion to dismiss (Vicki Stasi, et al. v. Inmediata Health Group Corp., No. 19-2353, S.D. Calif., 2020 U.S. Dist. LEXIS 217097).
CLEVELAND — A company that provided Cybersecurity services to Capital One Financial Corp. will not be required to conduct additional searches for responsive discovery materials in its electronically stored information (ESI) related to the credit card issuer’s 2019 data breach, an Ohio federal judge ruled Nov. 20, denying the putative class plaintiffs’ motion to compel (Brandon Hausauer, et al. v. TrustedSec LLC, No. 20-mc-101, N.D. Ohio, 2020 U.S. Dist. LEXIS 217812).
SAN FRANCISCO — The named plaintiffs in a consolidated class action over multiple data breaches experienced by Yahoo! Inc. failed in their bid to dispose of one man’s appeal of the approval of a $117.5 million settlement of the suit, when a Ninth Circuit U.S. Court of Appeals panel on Nov. 20 denied their motion for summary affirmance of the approval ruling (In re: Yahoo! Inc. Customer Data Security Breach Litigation, Nos. 20-16633 and 20-16779, 9th Cir.).
SAN FRANCISCO — A trial court wrongly declined to dismiss computer fraud claims against it, a spyware maker argues in its Nov. 16 appellant brief to the Ninth Circuit U.S. Court of Appeals, contending that it is entitled to sovereign immunity because its purported unauthorized access to WhatsApp Inc.’s communications platforms occurred as part of it service to various foreign sovereign governments (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir.).
ATLANTA — A $5.5 million settlement of the negligence class claims of a group of financial institutions (FIs) over Equifax Inc.’s 2017 data breach is “an excellent result,” a Georgia federal judge declared Nov. 16, granting final approval to the agreement (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 17-md-2800, N.D. Ga.).
SAN FRANCISCO — Eight months after a California federal judge declined to grant preliminary approval to a settlement of a negligence class action over a 2018 data breach related to Facebook Inc.’s “View As” feature, that same judge on Nov. 15 preliminarily approved the agreement, under which Facebook pledged to make security improvements, finding that the parties sufficiently addressed prior concerns related to compliance assessment monitoring and certain procedures for class members to object to the settlement (Stephen Adkins v. Facebook, Inc., No. 18-5982, N.D. Calif., 2020 U.S. Dist. LEXIS 214006).
SAN FRANCISCO — Although a California federal judge found that an online advertising analytics firm “has shown a risk of irreparable harm” to its business after it was blocked from accessing Facebook Inc.’s platforms, he concluded, in a ruling that was unsealed Nov. 9, that the public interest was best served by denying the company’s motion for a temporary restraining order (TRO) to halt the social network operator’s blocking actions in light of privacy concerns from the harvesting of user information (Facebook Inc. v. BrandTotal Ltd., et al., No. 20-7182, N.D. Calif., 2020 U.S. Dist. LEXIS 210431).
SAN FRANCISCO — In a Nov. 4 unpublished ruling, the Ninth Circuit U.S. Court of Appeals affirmed summary judgment by an Oregon federal judge in favor of a defendant accused of conversion, on grounds that the claim is preempted by federal copyright law (Lori Bokenfohr v. Christine Guidera, No. 19-35992, 9th Cir., 2020 U.S. App. LEXIS 34914).
NEW YORK — A New York federal judge on Nov. 10 granted an unopposed motion to consolidate nine putative class actions against Warner Music Group over a recently announced data breach, finding that they involved “substantially related questions of law and fact” springing from the same hacking incident (In re Warner Music Group Data Breach, No. 20-7473, S.D. N.Y.).
RICHMOND, Va. — Affirming a trial court’s ruling, a Fourth Circuit U.S. Court of Appeals panel majority on Nov. 5 found that a Baltimore-based think tank did not demonstrate its likelihood to succeed on its claims that an aerial surveillance program enacted by the Baltimore Police Department (BPD) violates citizens’ rights under the First and Fourth amendments to the U.S. Constitution, making a requested preliminary injunction inappropriate (Leaders of a Beautiful Struggle, et al. v. Baltimore Police Department, et al., No. 20-1495, 4th Cir., 2020 U.S. App. LEXIS 35070).
SAN FRANCISCO — A federal judge in California on Nov. 4 appointed an individual shareholder as lead plaintiff in a securities class action lawsuit against video communications platform application provider Zoom Communications Inc. and two of its senior executives, ruling that the timing of a competing shareholder’s sale of its Zoom stock capped his potential damages recovery under the Private Securities Litigation Reform Act’s (PSLRA) statutory damages cap (In re Zoom Securities Litigation, No. 20-2353, N.D. Calif., 2020 U.S. Dist. LEXIS 207490).
CLEVELAND — An Ohio federal judge on Nov. 2 granted a motion to certify a class of financial institutions (FIs) in a consolidated lawsuit alleging negligence against Sonic Corp. for a 2017 data breach, with the judge altering the class definition proposed by the plaintiffs to specify that class member FIs need to have responded or taken action to alerts received over payment cards compromised in the breach (In re: Sonic Corp. Customer Data Security Breach, No. 17-md-2807, N.D. Ohio, 2020 U.S. Dist. LEXIS 204169).
COLUMBUS, Ohio — An Ohio federal magistrate judge on Nov. 2 determined that a disability insurer must produce unredacted copies of information related to disability claims because the information is relevant to a disability plan participant’s claim (Barbara Cluck v. Unum Life Insurance Company of America, No. 18-56, S.D. Ohio, 2020 U.S. Dist. LEXIS 204429).
LOS ANGELES — A federal judge in California on Sept. 16 granted preliminary approval of a $16 million settlement to be paid by ACT Inc. to end a class complaint alleging disclosure of information regarding certain ACT examinees’ disability status to colleges and scholarship organizations and denying certain examinees with disabilities an equal opportunity to participate in its Educational Opportunity Service (EOS) program (Halie Bloom, et al. v. ACT, Inc., No. 18-6749, C.D. Calif.).
SAN FRANCISCO — Deeming the scope of discovery proposed by Facebook Inc. to be “restrictive” and “limited,” a California federal magistrate judge overseeing discovery in a consolidated class action over Facebook’s sharing of users’ profile data with third-party app developers issued an order on Oct. 29 directing the social network operator to produce data it shared related to users’ activity both on and off of its platform (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).
GREENBELT, Md. — The bellwether plaintiffs in a consolidated class complaint over Marriott International Inc.’s massive four-year data breach have sufficiently pleaded most of their negligence claims against an information technology (IT) company co-defendant that provided services to a Marriott subsidiary, a Maryland federal judge ruled Oct. 26, denying the company’s dismissal motion on five out of six bellwether claims (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 19-2879, D. Md.).
ALEXANDRIA, Va. — The plaintiffs suing Capital One Financial Corp. over its 2019 data breach failed in their bid to obtain further testimony from the credit card issuer’s chief information officer (CIO) on Oct. 16, when a Virginia federal magistrate judge denied their motion to compel answers to deposition questions that they said were wrongly withheld under the bank examination privilege (In re Capital One Customer Data Security Breach Litigation, No. 19-2915, E.D. Va.).
LOS ANGELES — Two days after ruling that FedEx Office and Print Services Inc. is entitled to coverage for underlying class actions alleging that it violated the Fair and Accurate Credit Transactions Act (FACTA), a federal judge in California on Oct. 22 ordered FedEx and its professional solutions insurer to private mediation (FedEx Office and Print Services, Inc. v. Continental Casualty Company, No. 20-4799, C.D. Calif.).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 20 affirmed a federal judge in Nevada’s ruling that Ocwen Loan Servicing LLC did not violate the Fair Credit Reporting Act (FCRA) when accessing credit reports of borrowers whose mortgage loans were discharged in bankruptcy proceedings, finding that the loan servicer obtained the information to determine whether the borrowers were eligible for loss mitigation.