PHOENIX — An originator and provider of residential mortgage loans acted with negligence in failing to properly secure the personal identifying information (PII) of its customers, which allowed an unknown third party to electronically access the PII, exposing the customers to damages and the risk of identity theft and cybercrimes, a borrower alleges in a class action complaint filed April 26 in Arizona federal court.
WASHINGTON, D.C. — Counsel for two nonprofit organizations, the California attorney general (AG) and the U.S. government fielded questions from the U.S. Supreme Court justices on April 26 over the proper standard for challenging the constitutionality of a California requirement that charities turn over donor lists.
NEW YORK — In an April 12 reply brief, Microsoft Corp. argues to the Second Circuit U.S. Court of Appeals that gag orders issued by the government under the Stored Communications Act (SCA) violate the First Amendment to the U.S. Constitution as prior restraint because the orders did not meet the strict scrutiny standard.
SAN JOSE, Calif. — Complying with a California federal magistrate judge’s order, Google LLC and a group of users of its Chrome internet browser filed a joint submission on April 20 enumerating various discovery items on which the parties have reached an impasse, including the production of electronically stored information (ESI) and the defendant’s quest for a protective order related to customer logs.
SANTA ANA, Calif. — A plaintiff’s decision to narrow his class definition in an amended complaint following removal may not be considered when deciding whether remand is appropriate, a federal judge in California ruled on April 20, denying remand of California unfair competition law (UCL) and privacy claims in a case concerning an automatic subscription renewal.
ALEXANDRIA, Va. — A Virginia federal magistrate judge on April 16 granted in part a motion by Amazon Web Services Inc. (AWS) to compel deposition testimony from the plaintiffs’ technical expert in a consolidated class action over Capital One Financial Corp.’s 2019 data breach, giving the co-defendant additional time to interview the expert over his reports related specifically to Amazon.
SAN Jose, Calif. — Two putative children’s privacy class actions against Google LLC and YouTube LLC were consolidated in California federal court on April 20 on a motion by the two defendants, with a judge agreeing that the two cases, which pertain to alleged inappropriate collection of the personally identifiable information (PII) of minors who watched videos on the platform, involve common questions of fact and law.
JACKSONVILLE, Fla. — A motion to certify a class of Chili’s patrons affected by a 2018 data breach was partly granted on April 14, with a Florida federal judge certifying a nationwide class for only a negligence claim brought against the restaurant chain’s owner.
DETROIT — A Black man who was wrongly arrested based on information obtained from facial recognition technology filed a civil rights lawsuit under the Fourth Amendment to the U.S. Constitution on April 13 in Michigan federal court, claiming that the technology is highly flawed and is skewed against people of color.
SAN FRANCISCO — A federal judge in California on April 12 denied an investor group’s request to reconsider his ruling appointing an individual investor as lead plaintiff in a securities class action lawsuit against video communications platform application provider Zoom Communications Inc. and two of its senior executives, ruling that the investor group failed to provide any evidence that would support a finding that revisiting the order is necessary.
SEATTLE — In a pair of rulings issued in parallel cases April 14, a Washington federal judge dismissed claims against Microsoft Corp. under the Illinois Biometric Information Privacy Act (BIPA), while declining to dismiss similar claims against Amazon.com Inc., finding that plaintiffs alleging privacy violations through the companies’ use of facial scans did not sufficiently plead that Microsoft profits from distribution of their biometric information, while holding that claims of profit by Amazon were plausibly alleged.
PASADENA, Calif.—The Ninth Circuit U.S. Court of Appeals on April 9 affirmed a lower federal court’s ruling in favor of an insurer in Alorica Inc.’s lawsuit seeking coverage for its alleged “security failure” that was caused by a phishing attack by an unknown perpetrator, rejecting the insured’s contention that a letter demanding monetary relief from client Express Scripts constituted a “claim” under its “security & privacy risk response” policy.
COLUMBIA, S.C. — A cloud software company that was sued over a 2020 ransomware attack and data breach must provide the identities of its affected customers in response to a discovery request by a putative class, a South Carolina federal judge ruled April 8, deeming the information relevant to a determination of class representatives and overruling the defendant’s objections to the request.
CINCINNATI — The Home Depot Inc. and Home Depot U.S.A. Inc. on April 8 sued their primary and excess commercial general liability insurers for breach of contract and bad faith in a federal court in Ohio, seeking damages up to the full collective policy limits of $50 million for its losses stemming from a 2014 data breach.
WASHINGTON, D.C. — In an April 2 brief, New Jersey asks the U.S. Supreme Court to deny a former sheriff’s officer’s petition for certiorari in which he challenges the constitutionality of a subpoena requiring him to unlock his password-protected smartphone, arguing that the Fifth Amendment to the U.S. Constitution is not implicated and suggesting that the high court lacks jurisdiction over the matter.
WASHINGTON, D.C. — In its April 5 order list, the U.S. Supreme Court granted a motion by the federal government to participate in oral arguments in a lawsuit over a California requirement that nonprofit organizations turn over lists identifying their donors to the state, in which two nonprofit groups allege that the requirement violates their right to association under of the First Amendment to the U.S. Constitution.
GALVESTON, Texas — A federal district court in Texas on March 30 dismissed claims that Fidelity was a 401(k) plan fiduciary and engaged in a prohibited transaction when it shared participant information with its affiliates to market its products to plan participants, concluding that participant data are not “plan assets” under ERISA.
SAN FRANCISCO — Reversing an appellate court’s judgment, the California Supreme Court on April 1 found that a section of California’s Invasion of Privacy Act (CIPA) that prohibits the nonconsensual recording of cellular or cordless phone calls applies to nonparties as well as to the parties to a call.
BOSTON — Overturning two lower courts’ rulings, the Massachusetts Supreme Judicial Court on March 24 found that some of the data sought by the state’s attorney general (AG) in an investigation of Facebook Inc.’s data security practices is protected by the attorney-client privilege or the work product doctrine, remanding the case for a determination of which documents qualify for either privilege.
OAKLAND, Calif. — A user of The Weather Channel smartphone app sufficiently alleged his privacy and unjust enrichment class claims over geolocation data collection carried out by TWC Product and Technology LLC, a California federal judge ruled March 17, finding, however, that a claim under California’s unfair competition law (UCL) merited dismissal for lack of standing.