PORTLAND, Ore. — Two Marriott International Inc. customers filed a class complaint on Nov. 30 in an Oregon state court, seeking up to $12.5 billion for a nationwide class allegedly affected by the hotel chain’s data breach that was announced that same day (David Johnson, et al. v. Marriott International, Inc., No. 18CV54883, Ore. Cir., Multnomah Co.).
WASHINGTON, D.C. — One month after oral arguments were held, Google LLC, a class of Google users and the federal government filed supplemental briefs in the U.S. Supreme Court on Nov. 30 addressing whether the class had established standing under Article III of the U.S. Constitution to bring its privacy claims against the internet giant (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
CHICAGO — In its Nov. 28 response to a plaintiff’s motion to compel production of identifying information for prospective class members in a data breach lawsuit, Barnes & Noble Inc. tells an Illinois federal court that it properly redacted private customer information that is irrelevant at the class definition stage of the litigation (In re Barnes & Noble Pin Pad Litigation, No. 1:12-cv-08617, N.D. Ill.).
FRESNO, Calif. — On Nov. 28, the American Civil Liberties Union and Electronic Frontier Foundation (EFF) filed a motion in California federal court to unseal the court filings in a case where the U.S. Department of Justice (DOJ) reportedly sought to compel Facebook Inc. to provide it with access to users’ private calls made via the social network (In re U.S. Department of Justice Motion to Compel Facebook to Provide Technical Assistance in Sealed Case, Opinion and Order Issued in or About September 2018, No. 1:18-mc-00057, E.D. Calif.).
PITTSBURGH — The Pennsylvania Supreme Court on Nov. 21 found that an employer has a duty to protect any personally identifiable information (PII) that it collects from its employees, reversing the dismissal of a putative class of hospital employees’ negligence claim over the theft of their information after a breach of their employer’s network (Barbara A. Dittman, et al. v. UPMC, et al., No. 43 WAP 2017, Pa. Sup., 2018 Pa. LEXIS 6051).
CHICAGO — In an Oct. 24 response brief, five members of the Chicago Police Department (CPD) tell the Seventh Circuit U.S. Court of Appeals that a newspaper’s appeal of a ruling that deemed it in violation of the Driver’s Privacy Protection Act (DPPA) is premature and merits dismissal because the trial court’s order was not final and did not award any relief (Scott Dahlstrom, et al. v. Sun-Times Media LLC, No. 18-3101, 7th Cir.).
WASHINGTON, D.C. — Appealing a ruling that pleading an increased risk of identity theft from a data breach is sufficient to establish an injury for purposes of standing under Article III of the U.S. Constitution, Zappos.com Inc., in a Nov. 19 reply brief supporting its petition for certiorari, asks the U.S. Supreme Court to decide the uniform standard to establish what constitutes a concrete injury in such cases (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).
WASHINGTON, D.C. — A man who has filed multiple lawsuits over the domestic surveillance activities of the National Security Agency (NSA) filed a reply brief in one of three dismissed cases Nov. 14, arguing to the District of Columbia U.S. Court of Appeals that he has standing and evidence to pursue his constitutional claims against the government (Larry Klayman v. National Security Agency, et al., No. 18-5097, D.C. Cir.; and Larry Klayman, et al. v. Barack Obama, et al., Nos. 17-5281 and 17-5282, D.C. Cir.).
BALTIMORE — In light of the presiding judge’s finding that the state secrets privilege precluded production of most of the evidence sought by Wikimedia Foundation to support its lawsuit over surveillance conducted by the National Security Agency (NSA), the government on Nov. 13 moved for summary judgment in Maryland federal court, asserting that the plaintiff was unable to establish standing to pursue its constitutional claims (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).
NEWARK, N.J. — A New Jersey man failed to establish the necessary elements of unlawful interception of electronic communications by Quicken Loans Inc., a New Jersey federal judge ruled Nov. 9, dismissing his putative class claims under the Wiretap Act because the lender’s collection of data via its website was lawful (Michael Allen v. Quicken Loans Inc., et al., No. 2:17-cv-12352, D. N.J., 2018 U.S. Dist. LEXIS 192066).
PITTSBURGH — A Rite Aid customer sued the pharmacy company and a pharmacist at a Pittsburgh location on Oct. 23, alleging that an employee violated state and federal health laws and caused him mental anguish and humiliation by announcing his HIV status without permission within earshot of other customers (John Doe v. Rite Aid Pharmacy Corp., et al., No. 18-013826, Pa. Comm. Pls., Allegheny Co.).
NEW YORK — A federal judge in New York on Nov. 9 denied a motion to suppress filed by a man accused of participating in a health care fraud scheme, finding that search warrants executed for three email accounts were not overbroad and that the man had no reasonable expectation of privacy for the accounts (United States v. Paul J. Mathieu, et al., No. 16 cr 763, S.D. N.Y., 2018 U.S. Dist. LEXIS 192281).
OAKLAND, Calif. — Seeking to proceed with their statutory claims over the domestic surveillance activities of the National Security Agency (NSA), the plaintiffs in a 10-year old putative class action against the federal government on Nov. 2 filed a declaration by former NSA contractor Edward Snowden the same day they filed a reply brief in California federal court opposing the government’s summary judgment motion (Carolyn Jewel, et al. v. National Security Agency, et al., No. 4:08-cv-04373, N.D. Calif.).
WASHINGTON, D.C. — Asserting that they plausibly pleaded a substantial risk of future harm due to their personally identifiable information (PII) being stolen in a 2012 data breach experienced by Zappos.com Inc., a group of the online retailer’s customers in a Nov. 6 brief urge the U.S. Supreme Court to deny its petition for certiorari, arguing that the circuit courts are in agreement on the standard of determining whether future harm has been sufficiently alleged in data breach cases (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).
WASHINGTON, D.C. — Six days after hearing oral arguments in a dispute about the propriety of cy pres settlements in class actions, the U.S. Supreme Court on Nov. 6 directed the parties to file supplemental briefs addressing whether the named plaintiffs alleging privacy violations by Google LLC established standing in the case under Article III of the U.S. Constitution (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
BROOKLYN, N.Y. — A New York man on Nov. 5 filed a putative class complaint against British Airways PLC (UK) in New York federal court, claiming that the airline’s failure to comply with the European Union’s General Data Protection Regulation (GDPR) led to a recently announced data breach that exposed the payment information of hundreds of thousands of customers (Ralph Pena v. British Airways PLC [UK], No. 1:18-cv-06278, E.D. N.Y.).
SAN FRANCISCO — Facebook Inc. on Nov. 2 moved in California federal court to dismiss a consolidated class action over its 2015 data-sharing incident with Cambridge Analytica LLC, arguing that the plaintiffs have not pleaded any cognizable harm from the incident that is sufficient to establish standing under Article III of the U.S. Constitution, citing a lack of allegations that the shared data was misused by any third parties (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-2843, N.D. Calif.).
ATLANTA — A consolidated group of banks and financial institutions (FIs) failed to establish standing to sue under Article III of the U.S. Constitution, Equifax Inc. argues in a Nov. 1 reply brief in Georgia federal court, seeking dismissal of negligence claims related to its 2017 data breach for failure to plead a cognizable injury (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
TOPEKA, Kan. — A Kansas Court of Appeals panel on Nov. 2 vacated a magistrate judge’s decision to deny a woman’s request for DNA testing in a probate proceeding, finding that the judge abused his discretion by misunderstanding the law (In re Estate of Chad Allen Fechner, No. 118,809, Kan. App., 2018 Kan. App. LEXIS 59).
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 31 heard arguments about the propriety of cy pres settlements of class actions, with Google LLC, the federal government, a class of Google users and objectors to a class settlement all offering their opinions on whether such a settlement was fair in an underlying privacy case (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).