Mealey's Data Privacy

  • May 14, 2018

    Magistrate Judge Recommends Partially Applying Ohio Law In Data Breach Class Suit

    PITTSBURGH — A Pennsylvania federal magistrate judge on May 9 issued a report and recommendation in a class complaint by banks and credit unions against a fast food company after a hacking incident to apply Ohio law as to the plaintiffs’ negligence and negligence per se claims (First Choice Federal Credit Union, et al. v. The Wendy’s Company, et al., No. 16-506, W.D. Pa., 2018 U.S. Dist. LEXIS 79088).

  • May 14, 2018

    Drivers’ Class Claims Over Uber Data Breach Dismissed For 3rd, Final Time

    SAN FRANCISCO — Uber Technologies Inc. saw negligence and unfair competition claims against it dismissed for a third time May 10, as a California federal magistrate judge found that two former Uber drivers had still failed to establish standing via an injury related to the theft of their personally identifiable information (PII) in a 2014 data breach, despite amending their complaint three times (Sasha Antman, et al. v. Uber Technologies Inc., et al., No. 3:15-cv-01175, N.D. Calif., 2018 U.S. Dist. LEXIS 79371).

  • May 03, 2018

    Lead Plaintiff In FCRA Class Suit Found To Lack Article III Standing

    CHICAGO — An Illinois federal judge on April 17 granted dismissal of a class complaint accusing a consumer reporting agency (CRA) of violating the Fair Credit Reporting Act (FCRA) by releasing the plaintiff’s personal data and the data of others to a marketing agency, after determining that the plaintiff did not identify a concrete injury (Quentin Crabtree, et al. v. Experian Information Solutions, Inc., No. 16-10706, N.D. Ill., 2018 U.S. Dist. LEXIS 67560).

  • May 02, 2018

    Fairness Of Home Depot Data Breach Attorney Fees Award Argued In 11th Circuit

    ATLANTA — In an April 30 reply brief in the 11th Circuit U.S. Court of Appeals, a group of financial institution (FI) plaintiffs defend a trial court’s $15.3 million attorney fees award in conjunction with a $25 million settlement of a class action over the 2014 Home Depot Inc. data breach, calling the award reasonable and based on counsel’s efforts in the case (Northeastern Engineers Federal, et al. v. Home Depot Inc., et al., No. 17-14741, 11th Cir.).

  • May 02, 2018

    Cellular Firm Settles FTC Data-Sharing Charges, Agrees To Security Monitoring

    WASHINGTON, D.C. — The Federal Trade Commission on April 30 announced that it had settled deceptive representation claims against a mobile device company that failed to protect its customers’ data from a third party, with the firm agreeing to a 20-year program of data security and outside compliance monitoring (In re BLU Products Inc., et al., No. 172 3025, FTC).

  • May 01, 2018

    NSA Says State Secrets Privilege Bars Discovery In Upstream Surveillance Suit

    BALTIMORE — In an April 28 brief in Maryland federal court, the National Security Agency (NSA) says that discovery Wikimedia Foundation seeks to compel in its suit alleging constitutional violations in the agency’s upstream surveillance program comprises “highly sensitive and classified information that is protected by state secrets privilege (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).

  • May 01, 2018

    100 Plaintiffs In Equifax Data Breach MDL Seek Remand To State Court

    ATLANTA — In an April 26 motion to remand, 100 plaintiffs in the multidistrict litigation over the 2017 massive Equifax Inc. data breach, told a Georgia federal court that it lacked diversity jurisdiction over them due to damages cap stipulations, seeking to return their respective lawsuits to California state court (In Re:  Equifax Inc. Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • April 30, 2018

    Supreme Court To Decide Fairness Of Google Privacy Cy Pres Class Settlement

    WASHINGTON, D.C. — The U.S. Supreme Court on April 30 granted certiorari in a dispute over the fairness of the settlement of a privacy class action against Google LLC, in which two objectors contend that the distribution of the $8.5 million settlement to cy pres recipients, rather than to class members, does not constitute a “fair, reasonable, and adequate” settlement of the class claims (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • April 30, 2018

    U.S. High Court Takes On State Law Interpretation Of Class Arbitration

    WASHINGTON, D.C. — The U.S. Supreme Court on April 30 granted a petition for writ of certiorari filed by an employer whose payroll system was hacked and asked the high court justices to decide if the Federal Arbitration Act bars a state law interpretation permitting class arbitration where class arbitration is not specifically mentioned in the agreement (Lamps Plus, Inc., et al. v. Frank Varela, No. 17-988, U.S. Sup.).

  • April 26, 2018

    Class, Subclasses Certified In Suit Over Release Of Info On Fetal Tissue Sales

    SEATTLE — A Washington federal judge on April 24 certified a class and three subclasses in a suit by unnamed plaintiffs seeking to stop the release of unredacted information regarding the University of Washington’s (UW) purchase or procurement of fetal tissues, organs and cell products over the last eight years (Jane Does 1-10, et al. v. University of Washington, et al., No. 16-1212, W.D. Wash., 2018 U.S. Dist. LEXIS 68797).

  • April 25, 2018

    SEC Levies $35 Million Fine For Failure To Disclose Yahoo Data Breach

    WASHINGTON, D.C. — In an April 24 order, the Securities and Exchange Commission announced a $35 million penalty agreement with the successor of Yahoo! Inc., by which it settled charges that the internet firm misled investors by failing to report a massive 2014 data breach for two years (In re Altaba Inc., No. N/A, SEC).

  • April 25, 2018

    Google Says Standing, Injury Lacking In Suits Over Illinois Biometric Law

    CHICAGO — The plaintiffs in two putative class actions alleging violation of Illinois’ Biometric Information Privacy Act (BIPA) lack standing under Article III of the U.S. Constitution, Google LLC says in an April 23 summary judgment motion in Illinois federal court, arguing that the plaintiffs have not established a concrete injury under the act (Lindabeth Rivera v. Google LLC, No. 1:16-cv-02714, and Joseph Weiss v. Google LLC, No. 1:16-cv-02870, N.D. Ill.).

  • April 24, 2018

    Fraud, Contract Class Claims Over VTech Data Breach Again Dismissed

    CHICAGO — The plaintiffs in a putative class action against VTech Electronics North America LLC saw their claims related to a 2015 data breach get dismissed a second time April 18, when an Illinois federal judge held that they failed to establish any implied contractual breaches or unfair conduct by the digital toy maker (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill., 2018 U.S. Dist. LEXIS 65060).

  • April 20, 2018

    9th Circuit Denies Zappos Rehearing Over Plaintiffs’ Standing In Data Breach Suit

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on April 20 denied a motion by Zappos.com Inc. to reconsider a March panel ruling that found that a putative class of Zappos customers had standing under Article III of the U.S. Constitution to sue the online retailer over a 2012 data breach that exposed their personally identifiable information (PII) (In re Zappos.com Inc. Customer Data Security Breach Litigation, No. 16-16860, 9th Cir.).

  • April 18, 2018

    Disability Claimant’s Interest In Privacy Supports Sealing Entire Administrative Record

    PORTLAND, Ore. — An Oregon federal judge on April 17 granted a disability claimant’s motion to file the entire administrative record under seal after determining that the claimant’s interest in keeping her personal and medical information private outweighs the right of public access to the information (Alison Gary v. Unum Life Insurance Company of America, No. 17-1414, D. Ore., 2018 U.S. Dist. LEXIS 64186).

  • April 18, 2018

    Judge Certifies Illinois Users Class In Facebook Facial Scan Privacy Suit

    SAN FRANCISCO — A group of Illinois Facebook Inc. users were handed another victory April 16, as a California judge certified one of the proposed classes in their lawsuit, in which they claim that the social network operator violated the Illinois Biometric Information Privacy Act (BIPA) by collecting users’ facial scans in connection with a photo-tagging feature (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif., 2018 U.S. Dist. LEXIS 63930).

  • April 17, 2018

    Class Certification Denied In Suit Claiming Prison Calls Were Not Private

    SAN DIEGO — A California federal judge on April 12 declined to certify a class of inmates and attorneys whose phone calls were allegedly eavesdropped on and/or recorded by the company providing inmate communication services, Securus Technologies Inc., finding that the plaintiffs bringing the lawsuit failed to show that a class action is a superior method for proceeding with their claims (Juan Romero, et al. v. Securus Technologies, Inc., No. 16-1283, S.D. Calif., 2018 U.S. Dist. LEXIS 63084).

  • April 17, 2018

    Supreme Court Deems Foreign-Stored Email Suit Mooted By CLOUD Act

    WASHINGTON, D.C. — The U.S. Supreme Court on April 17 declared an already-argued case between the U.S. government and Microsoft Corp. over law enforcement’s ability to compel production of foreign-stored emails to be mooted by the newly passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which amended the warrant provision of the Stored Communications Act (SCA) at issue in the suit, leaving no live dispute between the parties (United States v. Microsoft Corp., No. 17-2, U.S. Sup., 2018 U.S. LEXIS 2495).

  • April 16, 2018

    7th Circuit Reinstates Barnes & Noble Data Theft Class Suit, Finds Damages

    CHICAGO — A Seventh Circuit U.S. Court of Appeals panel on April 11 reinstated a proposed class complaint accusing a bookstore chain of failing to protect customers’ personal data when it fell victim to data theft, ruling that the trial court erred when it dismissed two customers’ allegations on the ground that they failed to adequately allege compensable damages (Heather Dieffenbach, et al. v. Barnes & Noble, Inc., No. 17-2408, 7th Cir., 2018 U.S. App. LEXIS 9051).

  • April 09, 2018

    Amended Complaints Ordered In Children’s Privacy Suits Against Disney, Viacom

    SAN FRANCISCO — In an April 6 minute order, a California federal judge ordered that amended complaints be filed in three related class actions brought against The Walt Disney Co., Viacom Inc. and others under the Children’s Online Privacy Protection Act (COPPA) related to game apps, voicing possible concerns about the claims’ viability (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 3:17-cv-04419, N.D. Calif.; Amanda Rushing, et al. v. Viacom Inc., et al., No. 3:17-cv-04492, N.D. Calif.; Michael McDonald, et al. v. Kiloo ApS, et al., No. 3:17-cv-04344, N.D. Calif.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.