Mealey's Data Privacy

  • December 01, 2017

    OIG Rescinds Approval Of Drug Patient Assistance Program For Privacy Breaches

    WASHINGTON, D.C. — The Office of Inspector General (OIG) on Nov. 28 rescinded a 2006 advisory opinion for the drug patient assistance program Caring Voice Coalition Inc. after determining that the program provided patient-specific data to one or more supporting drug companies, according to an OIG letter and a company statement.

  • December 01, 2017

    Washington AG Sues Uber For Failure To Notify About 2016 Data Breach

    SEATTLE — One week after Uber Technologies Inc. revealed a massive data breach that went unreported for a year, Washington Attorney General (AG) Robert W. Ferguson on Nov. 28 filed suit against the ride-hailing firm in Washington state court for violating the state’s Consumer Protection Act (CPA) (Washington v. Uber Technologies Inc., No. NA, Wash. Super., King Co.).

  • November 30, 2017

    9th Circuit Affirms ESPN App User Did Not Identify Shared PII Under VPPA

    PASADENA, Calif. — A plaintiff failed to properly plead a violation of the Video Privacy Protection Act (VPPA) by ESPN Inc., a Ninth Circuit U.S. Court of Appeals panel ruled Nov. 29, finding that user data purportedly shared by ESPN via its app did not qualify as personally identifiable information (PII) (Chad Eichenberger v. ESPN Inc., No. 15-35449, 9th Cir.).

  • November 29, 2017

    Justices Hear Arguments On 4th Amendment Rights And Cell Location Records

    WASHINGTON, D.C. — The U.S. Supreme Court heard arguments Nov. 29 on implications under the Fourth Amendment to the U.S. Constitution over the government’s collection of historical cell site location information (CSLI) records via an order issued under the Stored Communications Act (SCA), with the parties debating the expectation of privacy in such records and the application of decades-old legislation and case law to situations involving modern technology (Timothy Ivory Carpenter v. United States of America, No. 16-402, U.S. Sup.).

  • November 29, 2017

    Judge Won’t Reconsider Gag Order Ruling For Twitter Over FBI Data Collection

    OAKLAND, Calif. — A California federal judge on Nov. 28 denied the U.S. government’s motion to reconsider a ruling in which she found possible constitutional violations in the FBI’s prohibiting Twitter Inc. from publicly reporting on its involvement in the bureau’s surveillance program, holding that a subsequent Ninth Circuit U.S. Court of Appeals ruling on national security letters (NSLs)  did not alter controlling law or compel reconsideration (Twitter Inc. v. Jefferson B. Sessions III, et al., No. 4:14-cv-04480, N.D. Calif., 2017 U.S. Dist. LEXIS 195360).

  • November 29, 2017

    Judge: CGL Insurer Has No Duty To Defend Against Class Action Over Data Breach

    TAMPA, Fla. — A Florida federal judge on Nov. 17 held that a commercial general liability insurer has no duty to defend against a putative class action alleging that an insured failed to adequately protect the plaintiffs’ personal private information (PPI) and timely disclose a data breach to end users (Innovak International Inc. v. The Hanover Insurance Co., No. 16-2453, M.D. Fla., 2017 U.S. Dist. LEXIS 191271).

  • November 28, 2017

    Hospital Says Economic Loss Doctrine Bars Data Breach Negligence Claim

    PITTSBURGH — In a Nov. 27 brief, a Pittsburgh area hospital asks the Pennsylvania Supreme Court to affirm rulings by a trial and appeals court that a negligence suit brought after a breach of its network is precluded by the economic loss doctrine due to the attenuated nature of the claimed damages, as well as the lack of a statutory duty to provide foolproof protection of electronically stored information (ESI) (Barbara A. Dittman, et al. v. UPMC, et al., No. 43 WAP 2017, Pa. Sup.).

  • November 27, 2017

    2nd Circuit Finds Video Game Players Lack Standing In Biometrics Suit

    NEW YORK — Mostly affirming a trial court’s dismissal ruling, a Second Circuit U.S. Court of Appeals panel on Nov. 21 held that the lead plaintiffs in a class action alleging violation of an Illinois biometrics statute failed to establish any concrete harm from a software firm’s use of their facial scans in basketball video games, thus defeating their standing under Article III of the U.S. Constitution (Ricardo Vigil, et al. v. Take-Two Interactive Software Inc., No. 17-303, 2nd Cir., 2017 U.S. App. LEXIS 23446).

  • November 27, 2017

    Federal Magistrate Recommends Arbitration Of Barnes & Noble Data Privacy Class Suit

    NEW YORK — The arbitration provision in Barnes & Noble Booksellers Inc.’s (B&N) terms of use (TOU) on its website is not unconscionable and therefore must be enforced in a class complaint filed by a customer who claims that information about her online purchase of a DVD was shared with Facebook, a New York federal magistrate judge opined in a Nov. 20 report and recommendation (Melina Bernardino v. Barnes & Noble Booksellers, Inc., No. 17-4570, S.D. N.Y., 2017 U.S. Dist. LEXIS 192814).

  • November 22, 2017

    Uber Announces Massive Data Breach, Hit With Class Complaint

    LOS ANGELES — The same day Uber Technologies Inc. revealed in a Nov. 21 statement that it had experienced a data breach in late 2016, a class action complaint was filed against the ride-hailing firm in California federal court, alleging negligence, invasion of privacy and unfair competition (Alejandro Flores v. Rasier LLC, et al., No. 2:17-cv-08503, C.D. Calif.).

  • November 22, 2017

    No Coverage Owed For Underlying Suits Alleging Statutory Violations

    CHARLOTTE, N.C. — An insurer has no duty to defend its insured in two underlying class actions alleging violations of the federal Driver’s Privacy Protection Act (DPPA) because the business liability policy’s statutory violation exclusion clearly bars coverage, a North Carolina federal judge said Nov. 17 in granting the insurer’s motion for judgment on the pleadings (Hartford Casualty Insurance Co. v. Ted A. Greve & Associates, P.A., et al., No. 17-183, W.D. N.C., 2017 U.S. Dist. LEXIS 190603).

  • November 21, 2017

    $11.2 Million Ashley Madison Data Breach Suit Settlement Granted Final Approval

    ST. LOUIS — Following a Nov. 20 fairness hearing, a Missouri federal judge issued an order that same day granting final approval to an $11.2 million settlement between the operators of the Ashley Madison website and users of the site whose personally identifiable information (PII) was exposed in a 2015 data breach, with the judge deeming the settlement “to be the product of thorough, serious, informed, and non-collusive negotiations” (In re Ashley Madison Customer Data Security Breach Litigation, No. 4:15-cv-02669, E.D. Mo.).

  • November 21, 2017

    Insurer Asks High Court To Clarify Article III Injury Standing In Data Breach Suit

    WASHINGTON, D.C. — A health insurer on Oct. 30 filed a petition for certiorari urging the U.S. Supreme Court to provide guidance as to what constitutes an “imminent” injury to support a plaintiff’s standing under Article III of the U.S. Constitution to file suit after a data breach (CareFirst Inc., et al. v. Chantal Attias, et al., No. 17-641, U.S. Sup.).

  • November 21, 2017

    Judge Asks Government To Explain Objection To Email Keyword Search Order

    MONTGOMERY, Ala. — Responding to the U.S. government’s objection to a court-imposed requirement that keyword searches be utilized in searching email accounts targeted by warrants, an Alabama federal judge on Nov. 17 directed the government to submit a brief explaining the search framework it would rather use (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala.).

  • November 21, 2017

    Amended Class Complaint Filed Over Fraudulent TurboTax Filings

    SAN JOSE, Calif. — In the wake of orders partly dismissing their claims and compelling arbitration of some parties’ claims, the plaintiffs in a putative class action against Intuit Inc. filed an amended complaint in California federal court Nov. 17, restating negligence and unfair competition claims related to the filing of fraudulent tax returns by criminals that exploited purported lax security in Intuit’s TurboTax software (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).

  • November 20, 2017

    Nationwide Data Breach Plaintiffs Object To Bailment Dismissal Recommendation

    COLUMBUS, Ohio — Asserting that they properly pleaded their bailment claim against Nationwide Mutual Insurance Co. related to a 2012 data breach, two policyholders filed an objection in Ohio federal court Nov. 14 to a magistrate’s dismissal recommendation (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, S.D. Ohio).

  • November 20, 2017

    Facebook Tracking Cookie Class Action Dismissed For 3rd Time

    SAN JOSE, Calif. — A group of Facebook Inc. users saw their putative class claims against the social network operator dismissed for a third time Nov. 17, with a California federal judge finding that the plaintiffs still failed to establish that Facebook breached a contractual duty when it purportedly tracked their online activities (In re:  Facebook Internet Tracking Litigation, No. 5:12-md-02314, N.D. Calif.).

  • November 17, 2017

    Employer’s Collection Of Biometric Data Violates Illinois Law, Class Suit Claims

    CHICAGO — The owner of assisted living facilities violates the Illinois’ Biometric Information Privacy Act (BIPA) by collecting biometric data, one former employee alleges in a class complaint filed Nov. 14 in the Cook County, Ill., Circuit Court (Jonnae Taylor, et al. v. Sunrise Senior Living Management, Inc., et al., No. 2017-CH-15152, Ill. Cir., Cook Co., Chancery Div.).

  • November 17, 2017

    Negligence Claim Is Not Preempted By ERISA, California Federal Judge Says

    SAN DIEGO — Because a negligence claim against a health insurer is seeking damages related to the release of private medical information rather than a denial of benefits, the negligence claim is not preempted by the Employee Retirement Income Security Act, a California federal judge said Nov. 9 in denying the insurer’s motion to dismiss (James Heldt v. The Guardian Life Insurance Company of America, No. 16-885, S.D. Calif., 2017 U.S. Dist. LEXIS 186299).

  • November 13, 2017

    Plaintiffs Say VTech Data Breach Revealed Products’ Diminished Value

    CHICAGO — Stressing that the claims in their amended complaint center on a benefit of the bargain damages theory, the plaintiffs in a putative class action filed in the wake of a 2015 data breach experienced by VTech Electronics North America LLC oppose the firm’s dismissal motion in a Nov. 9 brief in Illinois federal court, arguing that the breach  revealed VTech’s failure to provide a promised kid-safe environment (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.