RICHMOND, Va. — Optometrists may proceed with two related class complaints alleging their personal information was stolen and used to open credit cards after showing injury-in-fact that may be traced to an organization that administers exams, a Fourth Circuit U.S. Court of Appeals panel ruled June 12 (Rhonda L. Hutton, O.D., et al. v. National Board of Examiners in Optometry, Inc., No. 17-1506, Nicole Mizrahi, et al. v. National Board of Examiners in Optometry, Inc., No. 17-1508, 4th Cir., 2018 U.S. App. LEXIS 15748).
SAN DIEGO — A California federal judge on June 8 dismissed a class complaint by a California man suing a home loan company from which his personal data was stolen by hackers, ruling that while the man had standing to bring his lawsuit, he failed to state a claim (Salam Razuki, et al. v. Caliber Home Loans, Inc., et al., No. 17-1718, S.D. Calif., 2018 U.S. Dist. LEXIS 96973).
ATLANTA — In briefs filed June 12 in Georgia federal court, Equifax Inc. and the consumer plaintiffs in the multidistrict litigation (MDL) over the firm’s 2017 data breach oppose the creation of a separate governmental entity track proposed by the city of Chicago, arguing that such a fourth track is unnecessary and would “likely lead to a more cumbersome structure” and “impose additional burden and expense” (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
BROOKLYN, N.Y. — Finding that the Federal Bureau of Investigation had probable cause to believe that a defendant who is charged with Hobbs Act violations was associated with a gang implicated in criminal conspiracy, a New York federal judge on June 5 denied the defendant’s motion to suppress evidence obtained via warrant from his Facebook account, deeming the warrant sufficiently particularized and not in violation of the Fourth Amendment to the U.S. Constitution (United States v. Sharod Liburd, No. 1:17-cr-00296, E.D. N.Y., 2018 U.S. Dist. LEXIS 94440).
HONOLULU — Two customers of the Hawaiian-based restaurant chain Zippy’s filed a putative class action against the chain’s operator June 1 in Hawaii federal court, alleging negligence related to a recently announced breach of the Zippy’s payment system, which they say resulted in payment card fraud (Joshua Bokelman, et al. v. FCH Enterprises Inc., No. 1:18-cv-00209, D. Hawaii).
MIAMI — A Federal Trade Commission order requiring a now-defunct laboratory testing company to implement a reasonable data-security program was deemed unenforceable on June 6 by an 11th Circuit U.S. Court of Appeals panel, which found that rather than “enjoin[ing] a specific act or practice,” the order “mandates a complete overhaul of [LabMD Inc.’s] data-security program and says precious little about how this is to be accomplished” (LabMD Inc. v. Federal Trade Commission, No. 16-16270, 11th Cir., 2018 U.S. App. LEXIS 15229).
WASHINGTON, D.C. — A growing list of class actions against Facebook Inc. over the sharing of millions of social network users’ personal data by a third-party app developer will be centralized in California federal court, the U.S. Judicial Panel for Multidistrict Litigation (JPMDL) ruled June 6, granting a motion to transfer by two of the plaintiffs (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 2843, JPMDL).
CLEVELAND — A Ohio appellate court majority on May 24 reversed a lower court’s ruling that denied a nursing home’s motion for a protective order and compelled it to provide discovery of records pertaining to a nonparty nursing home resident who allegedly fatally assaulted another resident, remanding for an in camera review of the documents to determine whether they are undiscoverable (David Howell, Jr. v. Park East Care & Rehabilitation, et al., No. 106041, Ohio App., 8th Dist., 2018 Ohio App. LEXIS 2225).
ATLANTA — Two weeks after consolidated class complaints were filed by consumer and small business (SB) classes in the consolidated multidistrict litigation over the massive 2017 Equifax Inc. data breach, a class of financial institutions (FIs) followed suit May 30, filing a consolidated complaint in Georgia federal court, accusing the credit-reporting giant of negligence and related claims (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
WASHINGTON, D.C. — Donald Trump’s presidential campaign and Republican strategist Roger Stone each filed briefs May 31, opposing a jurisdictional discovery request in a lawsuit over the 2016 hack of the Democratic National Committee’s (DNC’s) database, asserting that the discovery sought by the plaintiffs, whose personally identifiable information (PII) was stolen and posted online, is overbroad and untimely (Roy Cockrum, et al. v. Donald J. Trump For President Inc., et al., No. 1:17-cv-01370, D. D.C.).
CHICAGO — Class claims by an employee challenging the collection and storage of fingerprint scans may proceed against the company that employed her and the third-party scanner provider, an Illinois federal judge ruled May 31 (Cynthia Dixon v. The Washington and Jane Smith Community – Beverly, et al., No. 17-8033, N.D. Ill., 2018 U.S. Dist. LEXIS 90344).
ORLANDO, Fla. — In light of an announced “agreement in principle” between Wendy’s International LLC and a group of customers who claim that their payment card data (PCD) was compromised in a breach of the fast food chain’s payment system, a Florida federal judge on May 25 administratively closed a putative negligence class action to allow the parties to finalize terms of their settlement (Christine Jackson, et al. v. Wendy’s International LLC, No. 6:16-cv-00210, M.D. Fla.).
CHICAGO — An Illinois federal judge on May 24 remanded a class complaint accusing a theme park of violating the Fair Credit Reporting Act (FCRA), as amended by the Fair and Accurate Transactions Act of 2003 (FACTA), by printing more than the last five digits of debit card numbers on receipts, ruling that the federal court lacks subject matter jurisdiction (Hugo Soto, et al. v. Great America, LLC, et al., No. 17-6902, N.D. Ill., 2018 U.S. Dist. LEXIS 87598).
SAN FRANCISCO — The same day that a California federal judge denied Facebook Inc.’s motion to stay proceedings in a suit over its alleged violations of the Illinois Biometric Information Privacy Act (BIPA), a Ninth Circuit U.S. Court of Appeals panel on May 29 granted the social network’s emergency motion to stay trial court proceedings pending its appeal of a class certification ruling (Namesh Patel, et al. v. Facebook Inc., No. 18-80053, 9th Cir.).
PEORIA, Ill. — An Illinois federal judge on May 23 sent a class complaint accusing a restaurant chain of improperly collecting and retaining employees’ fingerprints back to state court, ruling that the district court lacks jurisdiction (Emily Kiefer, et al. v. Bob Evans Farms, LLC, et al., No. 17-1544, C.D. Ill., 2018 U.S. Dist. LEXIS 88639).
SAN JOSE, Calif. — In a May 15 brief, the lead plaintiffs in a class action over Anthem Inc.’s 2015 data breach ask a California federal judge to overrule a special master’s findings and increase a recommended attorney fees award in the preliminarily settled suit by more than $9 million (In Re: Anthem Inc., Customer Data Security Breach Litigation, No. 5:15-md-02617, N.D. Calif.).
COLUMBUS, Ohio — CVS Health Corp. and its subsidiaries disclosed the HIV status of approximately 6,000 patients in a mass mailing, a Dayton, Ohio, resident, referred to only as John Doe, alleges in a May 16 class complaint filed in the U.S. District Court for the Southern District of Ohio (John Doe, et al. v. CVS Health Corporation, et al., No. 18-488, S.D. Ohio).
BALTIMORE — In a May 18 reply brief in Maryland federal court, Wikimedia Foundation defends its motion to compel documents to establish that its communications were intercepted by the National Security Agency’s (NSA) upstream surveillance program, arguing that a statutory in camera review procedure defeats the government’s assertion of the state secrets privilege (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).
RICHMOND, Va. — Border agents’ discovery of weapons in an airline passenger’s luggage created sufficient individualized suspicion to justify a forensic examination of his smartphone without violating the Fourth Amendment to the U.S. Constitution, a Fourth Circuit U.S. Court of Appeals panel majority ruled May 9, finding that a trial court properly declined to suppress evidence obtained from the search (United States v. Hamza Kolsuz, No. 16-4687, 4th Cir., 2018 U.S. App. LEXIS 12147).
SAN JOSE, Calif. — Granting a motion for partial dismissal by Intuit Inc., a California federal judge on May 15 found that two plaintiffs failed to sufficiently amend their complaint to support negligence and aiding and abetting claims against the tax software firm related to incidents of identity theft and tax fraud due to data theft (Christine Diaz, et al. v. Intuit Inc., No. 5:15-cv-01778, N.D. Calif.; 2018 U.S. Dist. LEXIS 82009).