Mealey's Data Privacy

  • November 24, 2020

    Suit Over Los Angeles Contact Tracing Rule Dismissed For Lack Of Standing

    LOS ANGELES — A restaurant and a private citizen who sued the health officer for Los Angeles County over a contact tracing order that was enacted for the purpose of combatting COVID-19 saw their complaint alleging constitutional violations dismissed on Nov. 16 by a California federal judge, who found that the plaintiffs did not establish standing to bring their claims (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).

  • November 24, 2020

    Privacy Claims Over Medical Billing Firm’s Data Breach Mostly Survive Dismissal

    SAN DIEGO — Three consumers who claim that their protected health information (PHI) was compromised by a billing services provider’s lax data security sufficiently pleaded most of their putative class privacy claims, a California federal judge ruled Nov. 19, largely denying the company’s motion to dismiss (Vicki Stasi, et al. v. Inmediata Health Group Corp., No. 19-2353, S.D. Calif., 2020 U.S. Dist. LEXIS 217097).

  • November 23, 2020

    Capital One’s Security Firm Needn’t Run More ESI Searches In Data Breach Row

    CLEVELAND — A company that provided Cybersecurity services to Capital One Financial Corp. will not be required to conduct additional searches for responsive discovery materials in its electronically stored information (ESI) related to the credit card issuer’s 2019 data breach, an Ohio federal judge ruled Nov. 20, denying the putative class plaintiffs’ motion to compel (Brandon Hausauer, et al. v. TrustedSec LLC, No. 20-mc-101, N.D. Ohio, 2020 U.S. Dist. LEXIS 217812).

  • November 23, 2020

    Objector May Pursue 9th Circuit Appeal Of Yahoo Data Breach Settlement

    SAN FRANCISCO — The named plaintiffs in a consolidated class action over multiple data breaches experienced by Yahoo! Inc. failed in their bid to dispose of one man’s appeal of the approval of a $117.5 million settlement of the suit, when a Ninth Circuit U.S. Court of Appeals panel on Nov. 20 denied their motion for summary affirmance of the approval ruling (In re:  Yahoo! Inc. Customer Data Security Breach Litigation, Nos. 20-16633 and 20-16779, 9th Cir.).

  • November 19, 2020

    Spyware Firm Asserts Sovereign Immunity Defense In 9th Circuit Computer Fraud Suit

    SAN FRANCISCO — A trial court wrongly declined to dismiss computer fraud claims against it, a spyware maker argues in its Nov. 16 appellant brief to the Ninth Circuit U.S. Court of Appeals, contending that it is entitled to sovereign immunity because its purported unauthorized access to WhatsApp Inc.’s communications platforms occurred as part of it service to various foreign sovereign governments (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir.).

  • November 18, 2020

    Final OK Given To Banks’ $5.5 Million Settlement Of Equifax Data Breach Suit

    ATLANTA — A $5.5 million settlement of the negligence class claims of a group of financial institutions (FIs) over Equifax Inc.’s 2017 data breach is “an excellent result,” a Georgia federal judge declared Nov. 16, granting final approval to the agreement (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 17-md-2800, N.D. Ga.).

  • November 17, 2020

    Settlement Of Facebook ‘View As’ Privacy Class Action Preliminarily Approved

    SAN FRANCISCO — Eight months after a California federal judge declined to grant preliminary approval to a settlement of a negligence class action over a 2018 data breach related to Facebook Inc.’s “View As” feature, that same judge on Nov. 15 preliminarily approved the agreement, under which Facebook pledged to make security improvements, finding that the parties sufficiently addressed prior concerns related to compliance assessment monitoring and certain procedures for class members to object to the settlement (Stephen Adkins v. Facebook, Inc., No. 18-5982, N.D. Calif., 2020 U.S. Dist. LEXIS 214006).

  • November 13, 2020

    Advertising Analytics Firm Denied TRO In Computer Fraud Dispute With Facebook

    SAN FRANCISCO — Although a California federal judge found that an online advertising analytics firm “has shown a risk of irreparable harm” to its business after it was blocked from accessing Facebook Inc.’s platforms, he concluded, in a ruling that was unsealed Nov. 9, that the public interest was best served by denying the company’s motion for a temporary restraining order (TRO) to halt the social network operator’s blocking actions in light of privacy concerns from the harvesting of user information (Facebook Inc. v. BrandTotal Ltd., et al., No. 20-7182, N.D. Calif., 2020 U.S. Dist. LEXIS 210431).

  • November 12, 2020

    9th Circuit: Conversion Claim Correctly Deemed Preempted By Copyright Act

    SAN FRANCISCO — In a Nov. 4 unpublished ruling, the Ninth Circuit U.S. Court of Appeals affirmed summary judgment by an Oregon federal judge in favor of a defendant accused of conversion, on grounds that the claim is preempted by federal copyright law (Lori Bokenfohr v. Christine Guidera, No. 19-35992, 9th Cir., 2020 U.S. App. LEXIS 34914).

  • November 12, 2020

    9 Class Actions Over Warner Music Data Breach Consolidated In New York

    NEW YORK — A New York federal judge on Nov. 10 granted an unopposed motion to consolidate nine putative class actions against Warner Music Group over a recently announced data breach, finding that they involved “substantially related questions of law and fact” springing from the same hacking incident (In re Warner Music Group Data Breach, No. 20-7473, S.D. N.Y.).

  • November 10, 2020

    4th Circuit Won’t Enjoin Baltimore Police Department’s Aerial Surveillance Plan

    RICHMOND, Va. — Affirming a trial court’s ruling, a Fourth Circuit U.S. Court of Appeals panel majority on Nov. 5 found that a Baltimore-based think tank did not demonstrate its likelihood to succeed on its claims that an aerial surveillance program enacted by the Baltimore Police Department (BPD) violates citizens’ rights under the First and Fourth amendments to the U.S. Constitution, making a requested preliminary injunction inappropriate (Leaders of a Beautiful Struggle, et al. v. Baltimore Police Department, et al., No. 20-1495, 4th Cir., 2020 U.S. App. LEXIS 35070).

  • November 09, 2020

    Investor Appointed As Lead Plaintiff In Zoom Securities Class Action

    SAN FRANCISCO — A federal judge in California on Nov. 4 appointed an individual shareholder as lead plaintiff in a securities class action lawsuit against video communications platform application provider Zoom Communications Inc. and two of its senior executives, ruling that the timing of a competing shareholder’s sale of its Zoom stock capped his potential damages recovery under the Private Securities Litigation Reform Act’s (PSLRA) statutory damages cap (In re Zoom Securities Litigation, No. 20-2353, N.D. Calif., 2020 U.S. Dist. LEXIS 207490).

  • November 04, 2020

    Financial Institution Class Certified In Sonic Data Breach Suit

    CLEVELAND — An Ohio federal judge on Nov. 2 granted a motion to certify a class of financial institutions (FIs) in a consolidated lawsuit alleging negligence against Sonic Corp. for a 2017 data breach, with the judge altering the class definition proposed by the plaintiffs to specify that class member FIs need to have responded or taken action to alerts received over payment cards compromised in the breach (In re:  Sonic Corp. Customer Data Security Breach, No. 17-md-2807, N.D. Ohio, 2020 U.S. Dist. LEXIS 204169).

  • November 03, 2020

    Magistrate Judge Says Disability Insurer Must Produce Unredacted Documents

    COLUMBUS, Ohio — An Ohio federal magistrate judge on Nov. 2 determined that a disability insurer must produce unredacted copies of information related to disability claims because the information is relevant to a disability plan participant’s claim (Barbara Cluck v. Unum Life Insurance Company of America, No. 18-56, S.D. Ohio, 2020 U.S. Dist. LEXIS 204429).

  • November 02, 2020

    Preliminary Approval Of $16M Settlement Granted In Student Disclosure Suit

    LOS ANGELES — A federal judge in California on Sept. 16 granted preliminary approval of a $16 million settlement to be paid by ACT Inc. to end a class complaint alleging disclosure of information regarding certain ACT examinees’ disability status to colleges and scholarship organizations and denying certain examinees with disabilities an equal opportunity to participate in its Educational Opportunity Service (EOS) program (Halie Bloom, et al. v. ACT, Inc., No. 18-6749, C.D. Calif.).

  • November 02, 2020

    Facebook’s Discovery To Include Third-Party Data Use In Profile Data-Sharing Suit

    SAN FRANCISCO — Deeming the scope of discovery proposed by Facebook Inc. to be “restrictive” and “limited,” a California federal magistrate judge overseeing discovery in a consolidated class action over Facebook’s sharing of users’ profile data with third-party app developers issued an order on Oct. 29 directing the social network operator to produce data it shared related to users’ activity both on and off of its platform (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).

  • October 28, 2020

    IT Firm Mostly Denied Dismissal Motion In Marriott Data Breach Suit

    GREENBELT, Md. — The bellwether plaintiffs in a consolidated class complaint over Marriott International Inc.’s massive four-year data breach have sufficiently pleaded most of their negligence claims against an information technology (IT) company co-defendant that provided services to a Marriott subsidiary, a Maryland federal judge ruled Oct. 26, denying the company’s dismissal motion on five out of six bellwether claims (In re:  Marriott International Inc. Customer Data Security Breach Litigation, No. 19-2879, D. Md.).

  • October 26, 2020

    Magistrate Won’t Compel Testimony From Capitol One’s CIO In Data Breach Suit

    ALEXANDRIA, Va. — The plaintiffs suing Capital One Financial Corp. over its 2019 data breach failed in their bid to obtain further testimony from the credit card issuer’s chief information officer (CIO) on Oct. 16, when a Virginia federal magistrate judge denied their motion to compel answers to deposition questions that they said were wrongly withheld under the bank examination privilege (In re Capital One Customer Data Security Breach Litigation, No. 19-2915, E.D. Va.).

  • October 23, 2020

    Judge Refers Professional Services Coverage Suit To Mediation After Coverage Ruling

    LOS ANGELES — Two days after ruling that FedEx Office and Print Services Inc. is entitled to coverage for underlying class actions alleging that it violated the Fair and Accurate Credit Transactions Act (FACTA), a federal judge in California on Oct. 22 ordered FedEx and its professional solutions insurer to private mediation (FedEx Office and Print Services, Inc. v. Continental Casualty Company, No. 20-4799, C.D. Calif.).

  • October 23, 2020

    9th Circuit:  Loan Servicer’s Access Of Credit Reports Did Not Violate Statute

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 20 affirmed a federal judge in Nevada’s ruling that Ocwen Loan Servicing LLC did not violate the Fair Credit Reporting Act (FCRA) when accessing credit reports of borrowers whose mortgage loans were discharged in bankruptcy proceedings, finding that the loan servicer obtained the information to determine whether the borrowers were eligible for loss mitigation.