WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 31 heard arguments about the propriety of cy pres settlements of class actions, with Google LLC, the federal government, a class of Google users and objectors to a class settlement all offering their opinions on whether such a settlement was fair in an underlying privacy case (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
DETROIT — Evidence from a defendant’s cell phone documenting his role in a scheme to fraudulently obtain unemployment insurance benefits should not be suppressed, a federal judge in Michigan ruled Oct. 29, finding that a private investigator for an insurance company was not acting as a government agent when viewing the contents of the phone (United States v. Damon Drekarr Kemp, No. 18-20043, E.D. Mich., 2018 U.S. Dist. LEXIS 184341).
WASHINGTON, D.C. — While contract disputes are generally controlled by state law, the Federal Arbitration Act (FAA) controls questions about class arbitrability when it comes to interpreting an employment contract between an employer and employee after the employee filed a class complaint alleging, in part, negligence and violation of California’s unfair competition law (UCL) after employee data was stolen, the attorney representing the employer told the U.S. Supreme Court on Oct. 29 (Lamps Plus, Inc., et al. v. Frank Varela, No. 17-988, U.S. Sup.).
NEWARK, N.J. — In an Oct. 24 letter to a New Jersey federal magistrate judge, the plaintiffs in a lawsuit over the theft of laptops that contained policyholders’ personally identifiable information (PII) assert that the defendant insurance company has shirked its duty to produce discovery relevant to the claims and defenses in the case, seeking a hearing or motion to compel withheld documents (In Re Horizon Healthcare Services Inc. Data Breach Litigation, No. 2:13-CV-07418, D. N.J.).
DENVER — A federal judge in Colorado on Oct. 24 ruled that two financial institutions failed to sufficiently show that payment card data is a trade secret or that the data has any independent economic value in bringing their Defend Trade Secrets Act (DTSA) claims against fast food restaurant operator Chipotle Mexican Grill Inc. for its role in a massive data breach (Bellwether Community Credit Union, et al. v. Chipotle Mexican Grill Inc., No. 17-1102, D. Colo., 2018 U.S. Dist. LEXIS 182717).
WASHINGTON, D.C. — Eight days before the scheduled oral argument in a dispute over the fairness of cy pres settlements in class actions, two objectors to the settlement in a privacy lawsuit against Google LLC filed a supplemental brief with the U.S. Supreme Court on Oct. 23, reporting a recent Ninth Circuit U.S. Court of Appeals ruling that they say demonstrates “the pernicious affects” such settlements can have (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
LOS ANGELES — AT&T Inc. seeks dismissal of a 16-count complaint in which one of its customers attempts to hold the cellular provider responsible for the theft of almost $24 million in cryptocurrency via hacking of his cellphone, arguing in an Oct. 22 motion in California federal court that the plaintiff “falls far short of stating a claim against” it under any of his theories (Michael Terpin v. AT&T Inc., et al., No. 2:18-cv-06975, C.D. Calif.).
CHICAGO — Mostly granting an escrow agent’s motion to dismiss a lawsuit over a hacking incident that exposed a customer’s personal information, an Illinois federal judge on Oct. 16 found that the plaintiff did not allege any intentional disclosure or negligent misrepresentation by the agent (Robert Douglas White v. Citywide Title Corp., et al., No. 1:18-cv-02086, N.D. Ill., 2018 U.S. Dist. LEXIS 177834).
SAN FRANCISCO — An iPhone user suing Google LLC for collecting location information from his device consented to such collection when he opted to use Google’s services, the tech giant tells a California federal court in an Oct. 22 motion, seeking dismissal of privacy claims against it as a matter of law (Napoleon Patacsil v. Google Inc., No. 3:18-cv-05062, N.D. Calif.).
SAN JOSE, Calif. — In an Oct. 22 motion in California federal court, the plaintiffs in the two-year-old consolidated class action over various data breach and data theft incidents experienced by Yahoo! Inc. seek preliminary approval of a settlement that would establish a $50 million nonreversionary fund (In re: Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).
PHOENIX — Finding that a former community college employee did not establish all of the necessary elements to prove that he was terminated for reporting data security violations, an Arizona federal magistrate judge on Oct. 12 partly granted summary judgment in favor of the school, while partly ruling for the employee on defamation and due process claims and deeming a jury determination necessary to resolve disputed factual elements (Miguel Corzo v. Maricopa County Community College District, et al., No. 2:15-cv-02552, D. Ariz., 2018 U.S. Dist. LEXIS 174967).
BALTIMORE — The U.S. Centers for Medicare & Medicaid Services (CMS) announced Oct. 19 that it discovered “anomalous activity” in one of the portals of HealthCare.gov, which is the website through which Americans can obtain health insurance, per the Patient Protection and Affordable Care Act (ACA), 111 P.L. 148,124 Stat. 119.
SAN FRANCISCO — In light of a relevant U.S. Supreme Court ruling and newly enacted legislation, a Ninth Circuit U.S. Court of Appeals panel on Oct. 18 granted a motion by Google LLC to dismiss and remand its appeal of a ruling that required it to comply with a governmental warrant seeking production of user emails stored in foreign servers (In re: Search of Content That is Stored at Premises Controlled by Google, No. 17-17393, 9th Cir., 2018 U.S. App. LEXIS 29450).
SAN FRANCISCO — In an Oct. 17 appellant brief, two former drivers with Uber Technologies Inc. tell the Ninth Circuit U.S. Court of Appeals that their putative class action over the ride-sharing company’s 2014 data breach was improperly dismissed, arguing that they sufficiently alleged injuries sustained by hackers’ theft of their personally identifiable information (PII) (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).
WASHINGTON, D.C. — In an Oct. 15 press release, the U.S. Department of Health and Human Services (HHS) announced that it had reached a $16 million settlement with Anthem Inc. over Health Insurance Portability and Accountability Act (HIPAA) violations related to the health insurer’s 2015 data breach. The department said this was the largest such settlement to date.
SAN FRANCISCO — Viacom Inc. failed to establish that a customer who downloaded a children’s gaming app saw, let alone agreed to be bound by, an arbitration provision on its website, a California federal judge ruled Oct. 15, denying Viacom’s motion to stay a lawsuit alleging privacy violations in favor of arbitration (Amanda Rushing, et al. v. Viacom Inc., et al., No. 3:17-cv-04492, N.D. Calif., 2018 U.S. Dist. LEXIS 176988).
PHOENIX — An Arizona federal judge on Oct. 9 granted a motion for extension and gave the parties in a class lawsuit over guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, until Nov. 2 to move for preliminary approval of a class settlement (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).
SAN JOSE, Calif. — A California federal judge on Oct. 12 held that issues of fact preclude summary judgment as to whether a commercial general liability insurer acted in bad faith in its claims handling of underlying class actions filed against Yahoo! Inc. over its practice of scanning the content of emails (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-00489, N.D. Calif., 2018 U.S. Dist. LEXIS 176115).
SAN JOSE, Calif. — The same day that Google Inc. announced that a data leak had compromised the personally identifiable information (PII) of up to 500,000 users of its Google Plus social network, the technology giant was named in a putative class complaint filed in California federal court Oct. 8, accusing it of unfair competition, invasion of privacy and negligence (Matt Matic, et al. v. Google Inc., et al., No. 5:18-cv-06164, N.D. Calif.).
ORLANDO, Fla. — A Florida federal judge on Oct. 1 declared that a commercial general liability insurer has no duty to defend its cybersecurity provider insured against underlying personal injury claims arising from a credit card breach involving hotel customers (St. Paul Fire & Marine Insurance Co. v. Rosen Millennium Inc., No. 17-00540, M.D. Fla., 2018 U.S. Dist. LEXIS 173072).