ROCHESTER, N.Y. — In light of a Second Circuit U.S. Court of Appeals ruling and newly submitted evidence suggesting potential criminal misuse of policyholders’ personally identifiable information (PII), which was stolen in a breach of their insurer’s network, a New York federal judge on Jan. 19 found that sufficient allegations of injury from the risk of future identity theft merited reconsideration of her previous decision to dismiss claims brought by some of the plaintiffs in a putative class action against the insurer (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y., 2018 U.S. Dist. LEXIS 8999).
SEATTLE — Washington State Attorney General Bob Ferguson announced in a press release that the state sued Motel 6 on Jan. 3 in the King County Superior Court, alleging that the national hotel chain voluntarily provided guest lists to agents of U.S. Immigration and Customs Enforcement (ICE) on a routine basis for at least two years (Washington v. Motel 6 Operating LP, Wash. Super., King Co.).
ORLANDO, Fla. — Customers suing over a 2015/2016 data breach at fast food franchises have proposed class definitions that are “fundamentally flawed,” have failed to show that there is common evidence and haven’t proven any risk of future harm, Wendy’s International LLC argues in its opposition to a motion for class certification filed Jan. 16 in a Florida federal court (Jonathan Torres, et al. v. Wendy’s International, LLC, No. 16-210, M.D. Fla.).
WASHINGTON, D.C. — The U.S. Supreme Court on Jan. 22 denied a petition for certiorari filed by an online data aggregator seeking review of a follow-up question related to standing under Article III of the U.S. Constitution that it claimed was not resolved in a 2016 ruling by the Supreme Court in the same case (Spokeo Inc. v. Thomas Robins, No. 17-806, U.S. Sup.).
HARTFORD, Conn. — A Connecticut trial court erred when it ruled for a health care provider, finding that it did not owe its patient a common-law duty of confidentiality when responding to a subpoena, the Connecticut Supreme Court ruled Jan. 16 (Emily Byrne v. Avery Center for Obstetrics and Gynecology, P.C., SC 19873, Conn. Sup., 2018 Conn. LEXIS 20).
PHILADELPHIA — Aetna Inc. and related entities (Aetna, collectively) have agreed to pay $17,161,200 to settle privacy claims by more than 13,400 class members whose HIV status was revealed by the insurer through an indiscreet mailing, according to a motion for preliminary approval of a class action settlement filed Jan. 16 (Andrew Beckett, et al. v. Aetna, Inc., et al., No. 17-3864, E.D. Pa.).
WASHINGTON, D.C. — In a Jan. 11 respondent brief, Microsoft Corp. asks the U.S. Supreme Court to affirm the Second Circuit U.S. Court of Appeals’ finding that the Stored Communications Act (SCA) does not permit the government to seize, via warrant, emails that are stored abroad, arguing that altering of the 30-year old statute’s reach to address such modern technological matters should be handled via legislation, not litigation (United States v. Microsoft Corp., No. 17-2, U.S. Sup.).
WASHINGTON, D.C. — In a Jan. 3 reply brief supporting its certiorari petition, an online data aggregator that has twice received adverse rulings on a Fair Credit Reporting Act (FCRA) complaint against it asks the U.S. Supreme Court to grant review to address a follow-up question pertaining to standing under Article III of the U.S. Constitution that it says was not resolved in a 2016 ruling by the high court in the same case (Spokeo Inc. v. Thomas Robins, No. 17-806, U.S. Sup.).
ATLANTA — A month after almost 100 lawsuits over the recently announced Equifax Inc. data breach were consolidated, the presiding Georgia federal judge, in a Jan. 9 case management order, announced that the case would proceed with separate, concurrent tracks for individual consumer and financial institution (FI) plaintiffs (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
SAN JOSE, Calif. — A commercial general liability (CGL) insurer on Jan. 4 moved for summary judgment in California federal court in a coverage dispute with Yahoo! Inc., arguing that its duty to indemnify was never triggered in underlying privacy lawsuits over the internet firm’s former email-scanning practices because no damages award was levied against Yahoo (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, Pa., No. 5:17-cv-00489, N.D. Calif.).
WASHINGTON, D.C. — In its Jan. 8 order list, the U.S. Supreme Court denied a petition for certiorari by a man who claimed to have opted out of the 2011 settlement of a privacy class action against Google Inc. over its now-defunct Google Buzz feature, letting stand a Ninth Circuit U.S. Court of Appeals ruling affirming dismissal of the suit under the doctrine of res judicata (Michael Amalfitano v. Google Inc., No. 17-358, U.S. Sup.).
BOSTON — A gynecologist accused of wrongfully providing a pharmaceutical drug sales representative access to patients’ confidential health information cannot have access to instructions provided to two grand juries, a federal magistrate judge in Massachusetts ruled Jan. 3, holding that the information could not support her claim for vindictive prosecution (United States of America v. Rita Luthra, No. 15-cr-30032, D. Mass., 2018 U.S. Dist. LEXIS 604).
BOSTON — A federal court correctly determined that, based on terms in a professional liability policy, an insurer has no duty to defend an insured doctor against claims by his ex-wife that he unlawfully disclosed her confidential health care information, the insurer tells the First Circuit U.S. Court of Appeals in a Nov. 22 response brief (Medical Mutual Insurance Company of Maine, Inc. v. Douglas Burka, 17-1872, 1st Cir.).
CHICAGO — An Illinois man filed a class complaint on Dec. 21 in an Illinois state court accusing a Chicago hospital of violating state law by collecting, storing and disclosing employees’ fingerprints and then failing to destroy the data when employment ends (Corey Heard, et al. v. St. Bernard Hospital, et al., No. 2017-CH-16828, Ill. Cir., Cook Co.).
WASHINGTON, D.C. — An appeals court correctly found that they plausibly alleged an injury-in-fact due to a breach of their insurer’s network and the theft of their personally identifiable information (PII), a group of insureds tell the U.S. Supreme Court in a Jan. 2 brief opposing the insurer’s petition for certiorari challenging their standing under Article III of the U.S. Constitution (CareFirst Inc., et al. v. Chantal Attias, et al., No. 17-641, U.S. Sup.).
WASHINGTON, D.C. — A civil liberties organization failed to establish standing to sue over a federal governmental advisory committee’s request for voter information from the states, a District of Columbia Circuit U.S. Court of Appeals panel majority ruled Dec. 26, upholding a trial court’s denial of a preliminary injunction that would halt collection of the information (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 17-5171, D.C. Cir., 2017 U.S. App. LEXIS 26535).
BALTIMORE — In accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implanting regulations, a Maryland federal judge on Dec. 19 issued a disclosure order authorizing health care providers to disclose a decedent’s protected health information in the presence of plaintiff’s counsel in a wrongful death and negligence lawsuit and also issued a qualified protective order authorizing third parties to disclose the decedent’s protected health information pursuant to traditional discovery mechanisms (Gwendolyn Lynch v. SSC Glen Burnie Operating Company, LLC, No. 17-1328, D. Md., 2017 U.S. Dist. LEXIS 208948).
WASHINGTON, D.C. — Although a District of Columbia federal judge applauded a group of plaintiffs’ efforts to champion constitutional rights allegedly violated by the National Security Agency’s (NSA’s) bulk metadata collection program, he nevertheless found it necessary to dismiss their lawsuits against the government for lack of jurisdiction in a Nov. 21 ruling, in light of the subsequent expiry of the USA Patriot Act, which changed the facts of the case (Larry Elliott Klayman, et al. v. National Security Agency, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C., 2017 U.S. Dist. LEXIS 193267).
ATLANTA — In a Dec. 18 brief in the 11th Circuit U.S. Court of Appeals, Home Depot Inc. appeals what it describes as a “staggering” attorney fees award granted to a group of financial institutions (FIs) that sued over the retailer’s 2014 data breach (Northeastern Engineers Federal, et al. v. Home Depot Inc., et al., No. 17-14741, 11th Cir.).
COLUMBUS, Ohio — Adopting a magistrate’s recommendation, an Ohio federal judge on Dec. 13 dismissed the remaining bailment claim alleged against Nationwide Mutual Insurance Co. by two of its policyholders related to a 2012 data breach, with the judge finding that the plaintiffs did not establish that they relinquished control of their personally identifiable information (PII) to the insurer (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, S.D. Ohio, 2017 U.S. Dist. LEXIS 205304).