ERIE, Pa. — A rent-to-own (RTO) retailer and one of its franchisees on June 28 moved for summary judgment related to a couple’s claims under the Electronic Communications Privacy Act (ECPA), telling a Pennsylvania federal court that the plaintiffs did not plead sufficient facts or damages to support their privacy assertions (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
ALBANY, N.Y. — New York Attorney General (AG) Letitia James issued a press release on June 28 announcing that her office had settled an investigation over privacy violations by the operator of a gay and bisexual dating app, with the company agreeing to pay $240,000 and to make substantial changes to its online security.
SAN FRANCISCO — In briefs filed June 12, the American Civil Liberties Union and the owner of the Washington Post ask the Ninth Circuit U.S. Court of Appeals to reverse a trial court’s decision to seal court records and documents related to efforts by the U.S. Department of Justice (DOJ) to get Facebook Inc. to assist it with surveillance in a criminal investigation, arguing that the sealed documents are matters of public record and potentially shed light on important matters surrounding the government’s ability to compel compliance with electronic surveillance programs (American Civil Liberties Union Foundation, et al. v. U.S. Department of Justice, et al., Nos. 19-15472 and 19-15473, 9th Cir.).
LOS ANGELES — One week after a California federal judge dismissed her punitive class complaint against Delta Air Lines Inc. and a customer service business partner over a 2017 data breach, a Florida woman on June 25 filed a notice of her intent to not further amend her breach of contract and computer fraud claims, instead requesting entry of final judgment (Teresa J. McGarry v. Delta Air Lines Inc., et al., No. 2:18-cv-09827, C.D. Calif.).
WASHINGTON, D.C. — On their second appeal of a ruling dismissing a putative class action over their health insurance provider’s 2014 data breach, a group of policyholders tell the District of Columbia Circuit U.S. Court of Appeals in a June 24 appellant brief that they adequately pleaded damages from the breach to allow their negligence and contract claims to proceed (Chantal Attias, et al. v. CareFirst Inc., et al., No. 19-7020, D.C. Cir.).
SAN FRANCISCO — A California federal judge on June 21 mostly granted a motion by Facebook Inc. to dismiss a putative class action over a 2018 data theft via the social network’s “view as” feature, finding that only one of the remaining plaintiffs established standing and that most of his claims were not sufficiently pleaded or were precluded under California law (William Bass Jr., et al. v. Facebook Inc., No. 3:18-cv-05982, N.D. Calif., 2019 U.S. Dist. LEXIS 104488).
OAKLAND, Calif. — In a June 21 order to show cause (OSC), a California federal judge reports that newly submitted evidence from the federal government has likely convinced her to reverse a two-year old ruling in which she declined to dismiss constitutional challenges to the Foreign Intelligence Surveillance Act (FISA) and the Espionage Act by Twitter Inc. in connection with a gag order forbidding the social network from reporting on its mandated participation in government surveillance activities (Twitter Inc. v. William P. Barr, et al., No. 4:14-cv-04480, N.D. Calif.).
WASHINGTON, D.C. — In a June 21 per curiam majority opinion, the District of Columbia Circuit U.S. Court of Appeals found that a labor union sufficiently alleged class claims against The U.S. Office of Personnel Management (OPM) and a contractor under the Privacy Act of 1974 related to a 2015 data breach, partly reversing a trial court’s dismissal of the consolidated lawsuit (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 17-5217 & 17-5232, D.C. Cir., 2019 U.S. App. LEXIS 18609).
ATLANTA — The state of Georgia, the American Civil Liberties Union and a man convicted of vehicular homicide presented arguments to the Georgia Supreme Court on June 19 as to whether data related to a car’s air bag deployment, and related information, was properly downloaded by law enforcement investigating a deadly car crash prior to obtaining a warrant, or whether these actions violated the Fourth Amendment to the U.S. Constitution (Victor Mobley v. The State, No. S18G1546, Ga. Sup.).
DENVER — A Colorado federal judge on June 19 granted preliminary approval to a settlement of class claims over a 2017 data breach experienced by against Chipotle Mexican Grill Inc., with the burrito chain agreeing to pay claims of affected customers without an aggregated cap (Todd Gordon, et al. v. Chipotle Mexican Grill Inc., No. 1:17-cv-01415, D. Colo., 2019 U.S. Dist. LEXIS 102304).
NEWARK, N.J. — In a June 11 motion to dismiss, J. Crew Group Inc. says that a customer’s recently filed third amended complaint (TAC) fails to support his claim under the Fair and Accurate Credit Transactions Act (FACTA) for purportedly printing noncompliant receipts, arguing that the man pleads no new facts to support his twice-dismissed claims of an increased risk of identity theft (Ahmed Kamal v. J. Crew Group Inc., et al., No. 2:15-cv-00190, D. N.J.).
CHICAGO — Employees of two airlines challenging the collection of their biometric data via systems tracking their work time must take their disputes before an adjustment board pursuant to the Railway Labor Act (RLA), a Seventh Circuit U.S. Court of Appeals panel ruled June 13 (Jennifer Miller, et al. v. Southwest Airlines Co., No. 18-3476, David Johnson, et al. v. United Airlines, Inc., et al., No. 19-1785, 7th Cir., 2019 U.S. App. LEXIS 17803).
SAN FRANCISCO — Finding that the record established that Facebook Inc. did not use its facial recognition technology in the photo-uploading incident at the heart of a putative class action, a Ninth Circuit U.S. Court of Appeals panel on June 14 affirmed judgment in the social network’s favor on a man’s claim that it violated an Illinois biometric privacy statute (Frederick William Gullen v. Facebook Inc., No. 18-15785, 9th Cir., 2019 U.S. App. LEXIS 17969).
CHICAGO — Nine months after a judge declined to approve a previously proposed settlement between the Neiman Marcus Group LLC and a group of customers over a 2013 data breach, the parties filed a status report on June 12, informing an Illinois federal court that they had reached a new settlement (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
SEATTLE — In a putative class complaint filed June 11 in Washington federal court, Amazon.com Inc. was accused of violating eight states’ wiretap statutes by recording and storing the voices of minors without consent or notice via the “Alexa” digital assistant (C.O. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
NEW YORK — Several surveillance program documents withheld by government agencies in response to Freedom of Information Act (FOIA) requests by the American Civil Liberties Union were properly found to be classified or privileged, a Second Circuit U.S. Court of Appeals panel found May 30, affirming a trial court’s ruling and taking the opportunity to clarify some exemptions to the FOIA, 5 U.S.C. § 552 (American Civil Liberties Union, et al. v. National Security Agency, et al., No. 17-3399, 2nd Cir., 2019 U.S. App. LEXIS 16122).
NEWARK, N.J. — Three days after Quest Diagnostics Inc. announced that a breach of a billing vendor’s system had exposed patient information, a negligence class complaint was filed against the nationwide medical testing firm in New Jersey federal court on June 6, seeking monetary damages and security system improvements (Francis Carbonneau v. Quest Diagnostics Inc., et al., No. 2:19-cv-13472, D. N.J.).
WASHINGTON, D.C. — Overruling objections raised by a class of consumer plaintiffs, the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) on June 5 consolidated two putative class actions filed by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp. with those previously filed by consumer plaintiffs against the fast food chain, transferring the FIs' suits to Ohio federal court (In re: Sonic Corp. Customer Data Security Breach, No. 2807, JPMDL).
WEST PALM BEACH, Fla. — A Florida federal judge on May 30 held that coverage for an underlying $60,413,112 consent judgment entered against an insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy’s “invasion of privacy” exclusion, finding that the alleged TCPA violations arise ou tof an invasion of privacy (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No.18-80762, S.D. Fla., 2019 U.S. Dist. LEXIS 90194).
SANTA ANA, Calif. — With a California couple’s June 3 complaint against First American Title Co. in California federal court, six putative class actions have now been filed in the wake of the recent revelation of purported lapses in protecting customer data by the leading title insurance company (Antonio Barajas, et al. v. First American Financial Corp., et al., No. 8:19-cv-01078, C.D. Calif.).