ATLANTA — A month after almost 100 lawsuits over the recently announced Equifax Inc. data breach were consolidated, the presiding Georgia federal judge, in a Jan. 9 case management order, announced that the case would proceed with separate, concurrent tracks for individual consumer and financial institution (FI) plaintiffs (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
SAN JOSE, Calif. — A commercial general liability (CGL) insurer on Jan. 4 moved for summary judgment in California federal court in a coverage dispute with Yahoo! Inc., arguing that its duty to indemnify was never triggered in underlying privacy lawsuits over the internet firm’s former email-scanning practices because no damages award was levied against Yahoo (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, Pa., No. 5:17-cv-00489, N.D. Calif.).
WASHINGTON, D.C. — In its Jan. 8 order list, the U.S. Supreme Court denied a petition for certiorari by a man who claimed to have opted out of the 2011 settlement of a privacy class action against Google Inc. over its now-defunct Google Buzz feature, letting stand a Ninth Circuit U.S. Court of Appeals ruling affirming dismissal of the suit under the doctrine of res judicata (Michael Amalfitano v. Google Inc., No. 17-358, U.S. Sup.).
BOSTON — A gynecologist accused of wrongfully providing a pharmaceutical drug sales representative access to patients’ confidential health information cannot have access to instructions provided to two grand juries, a federal magistrate judge in Massachusetts ruled Jan. 3, holding that the information could not support her claim for vindictive prosecution (United States of America v. Rita Luthra, No. 15-cr-30032, D. Mass., 2018 U.S. Dist. LEXIS 604).
BOSTON — A federal court correctly determined that, based on terms in a professional liability policy, an insurer has no duty to defend an insured doctor against claims by his ex-wife that he unlawfully disclosed her confidential health care information, the insurer tells the First Circuit U.S. Court of Appeals in a Nov. 22 response brief (Medical Mutual Insurance Company of Maine, Inc. v. Douglas Burka, 17-1872, 1st Cir.).
CHICAGO — An Illinois man filed a class complaint on Dec. 21 in an Illinois state court accusing a Chicago hospital of violating state law by collecting, storing and disclosing employees’ fingerprints and then failing to destroy the data when employment ends (Corey Heard, et al. v. St. Bernard Hospital, et al., No. 2017-CH-16828, Ill. Cir., Cook Co.).
WASHINGTON, D.C. — An appeals court correctly found that they plausibly alleged an injury-in-fact due to a breach of their insurer’s network and the theft of their personally identifiable information (PII), a group of insureds tell the U.S. Supreme Court in a Jan. 2 brief opposing the insurer’s petition for certiorari challenging their standing under Article III of the U.S. Constitution (CareFirst Inc., et al. v. Chantal Attias, et al., No. 17-641, U.S. Sup.).
WASHINGTON, D.C. — A civil liberties organization failed to establish standing to sue over a federal governmental advisory committee’s request for voter information from the states, a District of Columbia Circuit U.S. Court of Appeals panel majority ruled Dec. 26, upholding a trial court’s denial of a preliminary injunction that would halt collection of the information (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 17-5171, D.C. Cir., 2017 U.S. App. LEXIS 26535).
BALTIMORE — In accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implanting regulations, a Maryland federal judge on Dec. 19 issued a disclosure order authorizing health care providers to disclose a decedent’s protected health information in the presence of plaintiff’s counsel in a wrongful death and negligence lawsuit and also issued a qualified protective order authorizing third parties to disclose the decedent’s protected health information pursuant to traditional discovery mechanisms (Gwendolyn Lynch v. SSC Glen Burnie Operating Company, LLC, No. 17-1328, D. Md., 2017 U.S. Dist. LEXIS 208948).
WASHINGTON, D.C. — Although a District of Columbia federal judge applauded a group of plaintiffs’ efforts to champion constitutional rights allegedly violated by the National Security Agency’s (NSA’s) bulk metadata collection program, he nevertheless found it necessary to dismiss their lawsuits against the government for lack of jurisdiction in a Nov. 21 ruling, in light of the subsequent expiry of the USA Patriot Act, which changed the facts of the case (Larry Elliott Klayman, et al. v. National Security Agency, et al., Nos. 1:13-cv-00851 and 1:13-cv-00881, D. D.C., 2017 U.S. Dist. LEXIS 193267).
ATLANTA — In a Dec. 18 brief in the 11th Circuit U.S. Court of Appeals, Home Depot Inc. appeals what it describes as a “staggering” attorney fees award granted to a group of financial institutions (FIs) that sued over the retailer’s 2014 data breach (Northeastern Engineers Federal, et al. v. Home Depot Inc., et al., No. 17-14741, 11th Cir.).
COLUMBUS, Ohio — Adopting a magistrate’s recommendation, an Ohio federal judge on Dec. 13 dismissed the remaining bailment claim alleged against Nationwide Mutual Insurance Co. by two of its policyholders related to a 2012 data breach, with the judge finding that the plaintiffs did not establish that they relinquished control of their personally identifiable information (PII) to the insurer (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, S.D. Ohio, 2017 U.S. Dist. LEXIS 205304).
NEW YORK — A magazine publisher that has faced several class complaints alleging unlawful disclosures of customers’ data had no duty to preserve evidence between the termination of the first class complaint and the filing of the second, a New York federal magistrate judge ruled Dec. 18 (Josephine James Edwards v. Hearst Communications, Inc., No. 15-9279, S.D. N.Y., 2017 U.S. Dist. LEXIS 207540).
SAN FRANCISCO — In a December 18 appellee brief, Facebook Inc. tells the Ninth Circuit U.S. Court of Appeals that a trial court correctly found that three of the social network’s users’ claims over the collection of their protected health information (PHI) from third-party health-related websites “are barred by their undisputed, affirmative consent to” Facebook’s data policy (Winston Smith, et al. v. Facebook Inc., No. 17-16206, 9th Cir.).
SAN JOSE, Calif. — In a Dec. 15 motion, Intuit Inc. asks a California federal court to again dismiss negligence and aiding and abetting claims brought against it related to incidents of fraudulent tax return filings, arguing that the plaintiffs did not establish any liability for the criminal activities of third parties (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).
WASHINGTON, D.C. — The U.S Judicial Panel on Multidistrict Litigation (JPMDL) on Dec. 6 issued a transfer order centralizing 97 cases pending in various districts over Equifax Inc.’s recently announced data breach in the U.S. District Court for the Northern District of Georgia (In Re: Equifax, Inc., Customer Data Security Breach Litigation, MDL No. 2800, JPMDL, 2017 U.S. Dist. LEXIS 200507).
SAN FRANCISCO — On Dec. 8, the same day that a group of plaintiffs moved for class certification in their claims under Illinois’ Biometric Information Privacy Act (BIPA) against Facebook Inc., the social network moved for summary judgment, telling a California federal court that applying the Illinois law to its out-of-state facial recognition activities would violate the dormant commerce clause of the U.S. Constitution (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).
WASHINGTON, D.C. — In a Dec. 6 petition for certiorari, the U.S. government argues that a warrant issued under the Stored Communications Act (SCA) obligated Microsoft Corp.to provide a user’s email data that it happened to store abroad, asking the U.S. Supreme Court to overturn the Second Circuit U.S. Court of Appeals’ finding that the presumption against extraterritoriality barred such foreign application of the statute (United States v. Microsoft Corp., No. 17-2, U.S. Sup.).
SAN FRANCISCO — In a Dec. 5 brief opposing a rehearing petition filed by two electronic communication service providers (ECSPs), U.S. Attorney General Jefferson B. Sessions III maintains that the Ninth Circuit U.S. Court of Appeals correctly found that nondisclosure requirements of national security letters (NSLs) served by the Federal Bureau of Investigation in connection with counterterrorism efforts satisfy the strict scrutiny standards of First Amendment to the U.S. Constitution (In re: National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).
WASHINGTON, D.C. — Less than two years after the U.S. Supreme Court ruled on the concrete injury requirement to establish standing under Article III of the U.S. Constitution in a lawsuit over alleged violation of the Fair Credit Reporting Act (FCRA), the data aggregator defendant filed a renewed petition for certiorari Dec. 4, citing conflicting lower court interpretations of the prior ruling and a remand ruling by the Ninth Circuit U.S. Court of Appeals that it says undermines the 2016 decision (Spokeo Inc. v. Thomas Robins, No. 17-806, U.S. Sup.).