Mealey's Data Privacy

  • October 31, 2018

    Fairness, Standing Argued In High Court Over Google Privacy Cy Pres Settlement

    WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 31 heard arguments about the propriety of cy pres settlements of class actions, with Google LLC, the federal government, a class of Google users and objectors to a class settlement all offering their opinions on whether such a settlement was fair in an underlying privacy case (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • October 30, 2018

    Judge Refuses To Suppress Evidence Of Fraud Scheme From Defendant’s Phone

    DETROIT — Evidence from a defendant’s cell phone documenting his role in a scheme to fraudulently obtain unemployment insurance benefits should not be suppressed, a federal judge in Michigan ruled Oct. 29, finding that a private investigator for an insurance company was not acting as a government agent when viewing the contents of the phone (United States v. Damon Drekarr Kemp, No. 18-20043, E.D. Mich., 2018 U.S. Dist. LEXIS 184341).

  • October 30, 2018

    U.S. Supreme Court Hears Arguments In Class Arbitration Dispute

    WASHINGTON, D.C. — While contract disputes are generally controlled by state law, the Federal Arbitration Act (FAA) controls questions about class arbitrability when it comes to interpreting an employment contract between an employer and employee after the employee filed a class complaint alleging, in part, negligence and violation of California’s unfair competition law (UCL) after employee data was stolen, the attorney representing the employer told the U.S. Supreme Court on Oct. 29 (Lamps Plus, Inc., et al. v. Frank Varela, No. 17-988, U.S. Sup.).

  • October 29, 2018

    Plaintiffs Call Horizon’s Document Production In Data Theft Suit Deficient

    NEWARK, N.J. — In an Oct. 24 letter to a New Jersey federal magistrate judge, the plaintiffs in a lawsuit over the theft of laptops that contained policyholders’ personally identifiable information (PII) assert that the defendant insurance company has shirked its duty to produce discovery relevant to the claims and defenses in the case, seeking a hearing or motion to compel withheld documents (In Re Horizon Healthcare Services Inc. Data Breach Litigation, No. 2:13-CV-07418, D. N.J.).

  • October 26, 2018

    Payment Card Data Found Not To Be Trade Secret Under DTSA

    DENVER — A federal judge in Colorado on Oct. 24 ruled that two financial institutions failed to sufficiently show that payment card data is a trade secret or that the data has any independent economic value in bringing their Defend Trade Secrets Act (DTSA) claims against fast food restaurant operator Chipotle Mexican Grill Inc. for its role in a massive data breach (Bellwether Community Credit Union, et al. v. Chipotle Mexican Grill Inc., No. 17-1102, D. Colo., 2018 U.S. Dist. LEXIS 182717).

  • October 25, 2018

    Objectors To Google Privacy Cy Pres Settlement Inform High Court Of New Ruling

    WASHINGTON, D.C. — Eight days before the scheduled oral argument in a dispute over the fairness of cy pres settlements in class actions, two objectors to the settlement in a privacy lawsuit against Google LLC filed a supplemental brief with the U.S. Supreme Court on Oct. 23, reporting a recent Ninth Circuit U.S. Court of Appeals ruling that they say demonstrates “the pernicious affects” such settlements can have (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • October 25, 2018

    AT&T Moves To Dismiss Complaint Over Cellphone Hack And Cryptocurrency Theft

    LOS ANGELES — AT&T Inc. seeks dismissal of a 16-count complaint in which one of its customers attempts to hold the cellular provider responsible for the theft of almost $24 million in cryptocurrency via hacking of his cellphone, arguing in an Oct. 22 motion in California federal court that the plaintiff “falls far short of stating a claim against” it under any of his theories (Michael Terpin v. AT&T Inc., et al., No. 2:18-cv-06975, C.D. Calif.).

  • October 24, 2018

    Judge Dismisses Privacy, Negligence Claims Over Theft Of Data From Escrow Agent

    CHICAGO — Mostly granting an escrow agent’s motion to dismiss a lawsuit over a hacking incident that exposed a customer’s personal information, an Illinois federal judge on Oct. 16 found that the plaintiff did not allege any intentional disclosure or negligent misrepresentation by the agent (Robert Douglas White v. Citywide Title Corp., et al., No. 1:18-cv-02086, N.D. Ill., 2018 U.S. Dist. LEXIS 177834).

  • October 24, 2018

    Google Says Smartphone Data Collection Suit Must Fail Because Of User Consent

    SAN FRANCISCO — An iPhone user suing Google LLC for collecting location information from his device consented to such collection when he opted to use Google’s services, the tech giant tells a California federal court in an Oct. 22 motion, seeking dismissal of privacy claims against it as a matter of law (Napoleon Patacsil v. Google Inc., No. 3:18-cv-05062, N.D. Calif.).

  • October 23, 2018

    $50 Million Settlement Proposed In Consolidated Yahoo Data Breach Suit

    SAN JOSE, Calif. — In an Oct. 22 motion in California federal court, the plaintiffs in the two-year-old consolidated class action over various data breach and data theft incidents experienced by Yahoo! Inc. seek preliminary approval of a settlement that would establish a $50 million nonreversionary fund (In re:  Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).

  • October 23, 2018

    Data Breach Whistleblower’s Retaliation Suit Against College Partly Dismissed

    PHOENIX — Finding that a former community college employee did not establish all of the necessary elements to prove that he was terminated for reporting data security violations, an Arizona federal magistrate judge on Oct. 12 partly granted summary judgment in favor of the school, while partly ruling for the employee on defamation and due process claims and deeming a jury determination necessary to resolve disputed factual elements (Miguel Corzo v. Maricopa County Community College District, et al., No. 2:15-cv-02552, D. Ariz., 2018 U.S. Dist. LEXIS 174967).

  • October 23, 2018

    CMS Reports 75,000 Users’ Files Accessed In Data Breach

    BALTIMORE — The U.S. Centers for Medicare & Medicaid Services (CMS) announced Oct. 19 that it discovered “anomalous activity” in one of the portals of, which is the website through which Americans can obtain health insurance, per the Patient Protection and Affordable Care Act (ACA), 111 P.L. 148,124 Stat. 119. 

  • October 22, 2018

    9th Circuit Dismisses, Remands Appeal Over Warrant For Google Foreign-Stored Emails

    SAN FRANCISCO — In light of a relevant U.S. Supreme Court ruling and newly enacted legislation, a Ninth Circuit U.S. Court of Appeals panel on Oct. 18 granted a motion by Google LLC to dismiss and remand its appeal of a ruling that required it to comply with a governmental warrant seeking production of user emails stored in foreign servers (In re:  Search of Content That is Stored at Premises Controlled by Google, No. 17-17393, 9th Cir., 2018 U.S. App. LEXIS 29450).

  • October 19, 2018

    Uber Drivers Defend Negligence Suit Over Data Breach To 9th Circuit

    SAN FRANCISCO — In an Oct. 17 appellant brief, two former drivers with Uber Technologies Inc. tell the Ninth Circuit U.S. Court of Appeals that their putative class action over the ride-sharing company’s 2014 data breach was improperly dismissed, arguing that they sufficiently alleged injuries sustained by hackers’ theft of their personally identifiable information (PII) (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).

  • October 18, 2018

    Anthem Settles With HHS Over Data Breach HIPAA Violations For $16 Million

    WASHINGTON, D.C. — In an Oct. 15 press release, the U.S. Department of Health and Human Services (HHS) announced that it had reached a $16 million settlement with Anthem Inc. over Health Insurance Portability and Accountability Act (HIPAA) violations related to the health insurer’s 2015 data breach.  The department said this was the largest such settlement to date.

  • October 18, 2018

    Judge Won’t Stay Children’s Privacy Suit Against Viacom To Pursue Arbitration

    SAN FRANCISCO — Viacom Inc. failed to establish that a customer who downloaded a children’s gaming app saw, let alone agreed to be bound by, an arbitration provision on its website, a California federal judge ruled Oct. 15, denying Viacom’s motion to stay a lawsuit alleging privacy violations in favor of arbitration (Amanda Rushing, et al. v. Viacom Inc., et al., No. 3:17-cv-04492, N.D. Calif., 2018 U.S. Dist. LEXIS 176988).

  • October 17, 2018

    Plaintiffs In Motel 6 Guest List Suit Granted More Time For Settlement

    PHOENIX — An Arizona federal judge on Oct. 9 granted a motion for extension and gave the parties in a class lawsuit over guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, until Nov. 2 to move for preliminary approval of a class settlement (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).

  • October 15, 2018

    Jury Must Decide If Insurer Handled Yahoo Email Scanning Suits In Bad Faith

    SAN JOSE, Calif. — A California federal judge on Oct. 12 held that issues of fact preclude summary judgment as to whether a commercial general liability insurer acted in bad faith in its claims handling of underlying class actions filed against Yahoo! Inc. over its practice of scanning the content of emails (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-00489, N.D. Calif., 2018 U.S. Dist. LEXIS 176115).

  • October 11, 2018

    Google Hit With Class Action After Google Plus Data Leak Is Revealed

    SAN JOSE, Calif. — The same day that Google Inc. announced that a data leak had compromised the personally identifiable information (PII) of up to 500,000 users of its Google Plus social network, the technology giant was named in a putative class complaint filed in California federal court Oct. 8, accusing it of unfair competition, invasion of privacy and negligence (Matt Matic, et al. v. Google Inc., et al., No. 5:18-cv-06164, N.D. Calif.).

  • October 10, 2018

    Judge: Insurer Has No Duty To Defend Against Claims Arising From Data Breach

    ORLANDO, Fla. — A Florida federal judge on Oct. 1 declared that a commercial general liability insurer has no duty to defend its cybersecurity provider insured against underlying personal injury claims arising from a credit card breach involving hotel customers (St. Paul Fire & Marine Insurance Co. v. Rosen Millennium Inc., No. 17-00540, M.D. Fla., 2018 U.S. Dist. LEXIS 173072).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.