Mealey's Data Privacy

  • November 07, 2018

    Zappos Customers Oppose Certiorari In Data Breach Suit

    WASHINGTON, D.C. — Asserting that they plausibly pleaded a substantial risk of future harm due to their personally identifiable information (PII) being stolen in a 2012 data breach experienced by Inc., a group of the online retailer’s customers in a Nov. 6 brief urge the U.S. Supreme Court to deny its petition for certiorari, arguing that the circuit courts are in agreement on the standard of determining whether future harm has been sufficiently alleged in data breach cases ( Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).

  • November 07, 2018

    Post-Argument Briefs Ordered By Supreme Court In Google Privacy Cy Pres Case

    WASHINGTON, D.C. — Six days after hearing oral arguments in a dispute about the propriety of cy pres settlements in class actions, the U.S. Supreme Court on Nov. 6 directed the parties to file supplemental briefs addressing whether the named plaintiffs alleging privacy violations by Google LLC established standing in the case under Article III of the U.S. Constitution (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • November 07, 2018

    British Airways Hit With Class Complaint Over Hack Of Online Payment System

    BROOKLYN, N.Y. — A New York man on Nov. 5 filed a putative class complaint against British Airways PLC (UK) in New York federal court, claiming that the airline’s failure to comply with the European Union’s General Data Protection Regulation (GDPR) led to a recently announced data breach that exposed the payment information of hundreds of thousands of customers (Ralph Pena v. British Airways PLC [UK], No. 1:18-cv-06278, E.D. N.Y.).

  • November 06, 2018

    Facebook Moves To Dismiss Data-Sharing Class Action For Lack Of Standing

    SAN FRANCISCO — Facebook Inc. on Nov. 2 moved in California federal court to dismiss a consolidated class action over its 2015 data-sharing incident with Cambridge Analytica LLC, arguing that the plaintiffs have not pleaded any cognizable harm from the incident that is sufficient to establish standing under Article III of the U.S. Constitution, citing a lack of allegations that the shared data was misused by any third parties (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-2843, N.D. Calif.).

  • November 06, 2018

    Equifax Says Banks Did Not Plead Injury, Establish Standing In Data Breach Suit

    ATLANTA — A consolidated group of banks and financial institutions (FIs) failed to establish standing to sue under Article III of the U.S. Constitution, Equifax Inc. argues in a Nov. 1 reply brief in Georgia federal court, seeking dismissal of negligence claims related to its 2017 data breach for failure to plead a cognizable injury (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • November 05, 2018

    Kansas Appeals Panel Says Court Can Order DNA Testing In Probate Proceeding

    TOPEKA, Kan. — A Kansas Court of Appeals panel on Nov. 2 vacated a magistrate judge’s decision to deny a woman’s request for DNA testing in a probate proceeding, finding that the judge abused his discretion by misunderstanding the law (In re Estate of Chad Allen Fechner, No. 118,809, Kan. App., 2018 Kan. App. LEXIS 59).

  • October 31, 2018

    Fairness, Standing Argued In High Court Over Google Privacy Cy Pres Settlement

    WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 31 heard arguments about the propriety of cy pres settlements of class actions, with Google LLC, the federal government, a class of Google users and objectors to a class settlement all offering their opinions on whether such a settlement was fair in an underlying privacy case (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • October 30, 2018

    Judge Refuses To Suppress Evidence Of Fraud Scheme From Defendant’s Phone

    DETROIT — Evidence from a defendant’s cell phone documenting his role in a scheme to fraudulently obtain unemployment insurance benefits should not be suppressed, a federal judge in Michigan ruled Oct. 29, finding that a private investigator for an insurance company was not acting as a government agent when viewing the contents of the phone (United States v. Damon Drekarr Kemp, No. 18-20043, E.D. Mich., 2018 U.S. Dist. LEXIS 184341).

  • October 30, 2018

    U.S. Supreme Court Hears Arguments In Class Arbitration Dispute

    WASHINGTON, D.C. — While contract disputes are generally controlled by state law, the Federal Arbitration Act (FAA) controls questions about class arbitrability when it comes to interpreting an employment contract between an employer and employee after the employee filed a class complaint alleging, in part, negligence and violation of California’s unfair competition law (UCL) after employee data was stolen, the attorney representing the employer told the U.S. Supreme Court on Oct. 29 (Lamps Plus, Inc., et al. v. Frank Varela, No. 17-988, U.S. Sup.).

  • October 29, 2018

    Plaintiffs Call Horizon’s Document Production In Data Theft Suit Deficient

    NEWARK, N.J. — In an Oct. 24 letter to a New Jersey federal magistrate judge, the plaintiffs in a lawsuit over the theft of laptops that contained policyholders’ personally identifiable information (PII) assert that the defendant insurance company has shirked its duty to produce discovery relevant to the claims and defenses in the case, seeking a hearing or motion to compel withheld documents (In Re Horizon Healthcare Services Inc. Data Breach Litigation, No. 2:13-CV-07418, D. N.J.).

  • October 26, 2018

    Payment Card Data Found Not To Be Trade Secret Under DTSA

    DENVER — A federal judge in Colorado on Oct. 24 ruled that two financial institutions failed to sufficiently show that payment card data is a trade secret or that the data has any independent economic value in bringing their Defend Trade Secrets Act (DTSA) claims against fast food restaurant operator Chipotle Mexican Grill Inc. for its role in a massive data breach (Bellwether Community Credit Union, et al. v. Chipotle Mexican Grill Inc., No. 17-1102, D. Colo., 2018 U.S. Dist. LEXIS 182717).

  • October 25, 2018

    Objectors To Google Privacy Cy Pres Settlement Inform High Court Of New Ruling

    WASHINGTON, D.C. — Eight days before the scheduled oral argument in a dispute over the fairness of cy pres settlements in class actions, two objectors to the settlement in a privacy lawsuit against Google LLC filed a supplemental brief with the U.S. Supreme Court on Oct. 23, reporting a recent Ninth Circuit U.S. Court of Appeals ruling that they say demonstrates “the pernicious affects” such settlements can have (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • October 25, 2018

    AT&T Moves To Dismiss Complaint Over Cellphone Hack And Cryptocurrency Theft

    LOS ANGELES — AT&T Inc. seeks dismissal of a 16-count complaint in which one of its customers attempts to hold the cellular provider responsible for the theft of almost $24 million in cryptocurrency via hacking of his cellphone, arguing in an Oct. 22 motion in California federal court that the plaintiff “falls far short of stating a claim against” it under any of his theories (Michael Terpin v. AT&T Inc., et al., No. 2:18-cv-06975, C.D. Calif.).

  • October 24, 2018

    Judge Dismisses Privacy, Negligence Claims Over Theft Of Data From Escrow Agent

    CHICAGO — Mostly granting an escrow agent’s motion to dismiss a lawsuit over a hacking incident that exposed a customer’s personal information, an Illinois federal judge on Oct. 16 found that the plaintiff did not allege any intentional disclosure or negligent misrepresentation by the agent (Robert Douglas White v. Citywide Title Corp., et al., No. 1:18-cv-02086, N.D. Ill., 2018 U.S. Dist. LEXIS 177834).

  • October 24, 2018

    Google Says Smartphone Data Collection Suit Must Fail Because Of User Consent

    SAN FRANCISCO — An iPhone user suing Google LLC for collecting location information from his device consented to such collection when he opted to use Google’s services, the tech giant tells a California federal court in an Oct. 22 motion, seeking dismissal of privacy claims against it as a matter of law (Napoleon Patacsil v. Google Inc., No. 3:18-cv-05062, N.D. Calif.).

  • October 23, 2018

    $50 Million Settlement Proposed In Consolidated Yahoo Data Breach Suit

    SAN JOSE, Calif. — In an Oct. 22 motion in California federal court, the plaintiffs in the two-year-old consolidated class action over various data breach and data theft incidents experienced by Yahoo! Inc. seek preliminary approval of a settlement that would establish a $50 million nonreversionary fund (In re:  Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).

  • October 23, 2018

    Data Breach Whistleblower’s Retaliation Suit Against College Partly Dismissed

    PHOENIX — Finding that a former community college employee did not establish all of the necessary elements to prove that he was terminated for reporting data security violations, an Arizona federal magistrate judge on Oct. 12 partly granted summary judgment in favor of the school, while partly ruling for the employee on defamation and due process claims and deeming a jury determination necessary to resolve disputed factual elements (Miguel Corzo v. Maricopa County Community College District, et al., No. 2:15-cv-02552, D. Ariz., 2018 U.S. Dist. LEXIS 174967).

  • October 23, 2018

    CMS Reports 75,000 Users’ Files Accessed In Data Breach

    BALTIMORE — The U.S. Centers for Medicare & Medicaid Services (CMS) announced Oct. 19 that it discovered “anomalous activity” in one of the portals of, which is the website through which Americans can obtain health insurance, per the Patient Protection and Affordable Care Act (ACA), 111 P.L. 148,124 Stat. 119. 

  • October 22, 2018

    9th Circuit Dismisses, Remands Appeal Over Warrant For Google Foreign-Stored Emails

    SAN FRANCISCO — In light of a relevant U.S. Supreme Court ruling and newly enacted legislation, a Ninth Circuit U.S. Court of Appeals panel on Oct. 18 granted a motion by Google LLC to dismiss and remand its appeal of a ruling that required it to comply with a governmental warrant seeking production of user emails stored in foreign servers (In re:  Search of Content That is Stored at Premises Controlled by Google, No. 17-17393, 9th Cir., 2018 U.S. App. LEXIS 29450).

  • October 19, 2018

    Uber Drivers Defend Negligence Suit Over Data Breach To 9th Circuit

    SAN FRANCISCO — In an Oct. 17 appellant brief, two former drivers with Uber Technologies Inc. tell the Ninth Circuit U.S. Court of Appeals that their putative class action over the ride-sharing company’s 2014 data breach was improperly dismissed, arguing that they sufficiently alleged injuries sustained by hackers’ theft of their personally identifiable information (PII) (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.