We use cookies on this site to enable your digital experience. By continuing to use this site, you are agreeing to our cookie policy. close

Mealey's Data Privacy

  • March 26, 2019

    Amended Complaint Filed In Consolidated Data Breach Class Action Against Insurer

    ROCHESTER, N.Y. — More than a year after a group of policyholders saw some of their dismissed claims over a 2013 data breach reinstated, the plaintiffs filed a second amended complaint in New York federal court on March 25 against their insurer, abandoning previously asserted claims for breach of contract and negligent misrepresentation (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y.).

  • March 25, 2019

    Judge Finds Reasonable Expectation Of Privacy In Employee’s Dropbox Account

    JOHNSTOWN, Pa. — A former employee had a reasonable expectation of privacy in files and photographs stored in her personal cloud-based Dropbox account, even though she sometimes used the account for work-related purposes, a Pennsylvania federal judge ruled March 19, declining to dismiss a civil rights claim based on an alleged violation of the employee’s rights under the Fourth Amendment to the U.S. Constitution (Elizabeth Frankhouser v. Clearfield County Career and Technology Center, et al., No. 3:18-cv-00180, W.D. Pa., 2019 U.S. Dist. LEXIS 44559).

  • March 25, 2019

    Zappos Denied Certiorari For Article III Question In Data Breach Class Action

    WASHINGTON, D.C. — More than three months after a case over a 2012 data breach was first distributed for conference, the U.S. Supreme Court on March 25 declined to consider a question presented by Zappos.com Inc. in which the online retailer sought a uniform standard to determine what constitutes a concrete injury for purposes of standing under Article III of the U.S. Constitution in class actions over data breach incidents (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup., 2019 U.S. LEXIS 2106).

  • March 22, 2019

    Border Search Of Phone, Devices Deemed Good Faith By 7th Circuit Panel

    CHICAGO — Border agents’ warrantless search of a traveler’s electronic devices, which revealed the existence of child pornography, was conducted in good faith and with reasonable suspicion, a Seventh Circuit U.S. Court of Appeals panel ruled March 19, finding no violation of the Fourth Amendment to the U.S. Constitution and affirming a trial court’s denial of a motion to suppress the obtained data (United States v. Donald Wanjiku, No. 18-1973, 7th Cir., 2019 U.S. App. LEXIS 8154).

  • March 21, 2019

    University Of Connecticut, UCONN Health Hit With Class Suit Over Data Breach

    NEW HAVEN, Conn. — The University of Connecticut and UCONN Health failed to properly secure patients’ personally identifiable information (PII) and protected health information (PHI), resulting in a hacker accessing the personal data of more than 326,000 patients, one patient claims in a March 18 class complaint filed in a Connecticut federal court, seeking an injunction and damages (Yoselin Martinez, et al. v. University of Connecticut, et al., No. 19-416, D. Conn.).

  • March 21, 2019

    Google, Apple, Facebook File Motions To Dismiss Location-Tracking Lawsuit

    OAKLAND, Calif. — Google LLC, Apple Inc. and Facebook Inc. each filed motions in California federal court on March 18 to dismiss a putative class action over the social network’s purported tracking of users’ locations via their smartphone apps (Brendan Lundy, et al. v. Facebook Inc., et al., No. 4:18-cv-06793, N.D. Calif.).

  • March 21, 2019

    Android Users Oppose Facebook’s Motion To Dismiss Data-Scraping Privacy Suit

    SAN FRANCISCO — Arguing that they sufficiently alleged a lack of consent to Facebook Inc.’s practice of scraping data from their phones’ call and text logs, as well as resulting economic injury, a group of Android smartphone users filed a brief in California federal court on March 19 opposing the social network’s motion to dismiss their putative class action alleging privacy and data access violations (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).

  • March 20, 2019

    High Court Declines To Rule In Google Privacy Class Action Due To Standing Issues

    WASHINGTON, D.C. — After oral arguments and a round of supplemental briefing, the U.S. Supreme Court on March 20 concluded in a per curiam majority opinion that it lacked jurisdiction to rule on the fairness of a cy pres settlement of a privacy class action against Google LLC, remanding the case for a determination of whether the plaintiffs sufficiently established standing under Article III of the U.S. Constitution (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • March 19, 2019

    Facebook Seeks Dismissal Of Class Complaint Over ‘View As’ Data Breach

    SAN FRANCISCO — Telling a California federal court that the remaining plaintiffs in a consolidated class action over a 2018 hacking of its profile “View As” feature failed to plead to any harm, Facebook Inc. on March 14 filed a motion to dismiss the complaint (Jasper Schmidt, et al. v. Facebook Inc., No. 3:18-cv-05982, N.D. Calif.).

  • March 13, 2019

    Wendy’s $50 Million Franchisee Hacking Settlement Preliminarily Approved

    PITTSBURGH — A Pennsylvania federal judge on Feb. 26 granted preliminary approval of a $50 million settlement to be paid by a fast food chain to end financial institutions’ class claims against its franchisees in connection with a data breach first reported in 2016 (First Choice Federal Credit Union, et al. v. The Wendy’s Company, et al., No. 16-506, W.D. Pa.).

  • March 12, 2019

    Spokeo Settles FCRA Suit, Agrees To Post Disclaimers, Opt Out Links

    LOS ANGELES — A California federal judge on March 11 approved a stipulation settling a long-running putative class action between online data aggregator Spokeo Inc. and a man that sued it for violating the Fair Credit Reporting Act (FCRA), with the website operator agreeing to post disclaimers about the accuracy of information on its site and how such information may be used (Thomas Robins v. Spokeo Inc., No. 2:10-cv-05306, C.D. Calif.).

  • March 12, 2019

    School District, Employee Settle Suit Over Data Breach Whistleblower Retaliation

    PHOENIX — Five months after a split summary judgment ruling, a school district and a former employee who claims he was fired for exposing negligence that led to multiple data breaches announced that they had settled their remaining claims, leading an Arizona federal magistrate judge to grant dismissal of the case with prejudice on March 7 (Miguel Corzo v. Maricopa County Community College District, et al., No. 2:15-cv-02552, D. Ariz.).

  • March 11, 2019

    Insureds Ask 4th Circuit To Find Insurer Has Duty To Defend Data Breach Suit

    RICHMOND, Va. — A cybersecurity provider insured recently asked the Fourth Circuit U.S. Court of Appeals to reverse a lower federal court’s finding that a commercial general liability insurer has no duty to defend it against underlying personal injury claims arising from a credit card breach involving hotel customers, contending that the lower court “incorrectly applied Florida insurance coverage law” (St. Paul Fire & Marine Insurance Co. v. Rosen Millennium Inc., No. 18-14427, 4th Cir.).

  • March 11, 2019

    3rd Circuit: J. Crew Patron Pleaded No Concrete Identity Theft Harm In FACTA Suit

    PHILADELPHIA — Affirming a trial court’s dismissal of a putative class action against J. Crew Group Inc. under the Fair and Accurate Credit Transactions Act (FACTA), a Third Circuit U.S. Court of Appeals panel on March 8 held that a customer of the retailer failed to plead to any concrete harm in the purported increased risk of identity theft from the printing of 10 digits from his credit card number on his receipts (Ahmed Kamal v. J. Crew Group Inc., et al., No. 17-2345 and 17-2453, 3rd Cir., 2019 U.S. App. LEXIS 7053).

  • March 11, 2019

    Arizona Judge Finds No Expectation Of Privacy In IP Address, Subscriber Info

    TUCSON, Ariz. — Finding that an internet user’s internet protocol (IP) address is information that is publicly available and shared with many parties, an Arizona federal judge on March 7 ruled that a man indicted on federal child pornography charges had no reasonable expectation of privacy in his IP address or in the subscriber information supplied by his internet service provider (ISP), adopting a magistrate’s recommendation to deny the indictee’s motion to suppress the information (United States v. Michael James McCutchin, No. 4:17-cr-01517, D. Ariz., 2019 U.S. Dist. LEXIS 36811).

  • March 11, 2019

    Plaintiffs Seek Attorney Fee, Service Awards In Experian Data Breach Class Action

    SANTA ANA, Calif. — Three months after a judge preliminarily approved their settlement with Experian Information Solutions Inc. over a 2015 data breach, the plaintiffs filed a motion in California federal court on March 6 requesting service awards for the named plaintiffs, as well as awards of attorney fees and litigation costs (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).

  • March 8, 2019

    Imaging Firm Says Discovery In Contract Suit Is Irrelevant, Would Violate GDPR

    WILMINGTON, Del. — An Irish-based medical imaging company argues in a March 5 brief in Delaware court that documents sought in discovery by a former manufacturing partner in a motion to compel are not only irrelevant to the contractual dispute between them but also that  producing them could potentially violate the stringent privacy standards of Europe’s General Data Protection Regulation (GDPR) (Guerbet Ireland Unlimited Co., et al. v. SpecGX LLC, No. N18C-05-159, Del. Super.).

  • March 7, 2019

    Native American Tribes Request Separate Track In Equifax Data Breach Suit

    ATLANTA — Three Native American tribes that saw their claims against Equifax Inc. transferred and centralized in Georgia federal court along with hundreds of other similar suits filed a motion March 1 asking the court to establish a separate track in the litigation for tribal governments’ claims against the company, citing unique issues of law and sovereignty (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • March 7, 2019

    9th Circuit Finds Murder Suspect’s Cell-Site Data Was Acquired In Good Faith

    SAN DIEGO — Although a Ninth Circuit U.S. Court of Appeals panel majority found that law enforcement personnel lacked probable cause to obtain the cell-site location information (CSLI) for a man who was indicted for a murder, it held in a March 4 ruling that the officer’s good faith reliance on a court-issued warrant overcame the probable cause deficiency (United States v. Antonio Gilton, et al., No. 16-10109, 9th Cir., 2019 U.S. App. LEXIS 6507).

  • March 1, 2019

    FTC Settles Children’s Privacy Violations By Musical.ly For $5.7 Million

    LOS ANGELES — The Federal Trade Commission (FTC) on Feb. 27 filed a proposed, stipulated order in California federal court, announcing that it had settled claims against online video social network operator Musical.ly for violation of the Children’s Online Privacy Protection Act (COPPA) for an amount of $5.7 million (United States v.  Musical.ly, et al., No. 2:19-cv-01439, C.D. Calif.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.