LOS ANGELES — A federal judge in California on Sept. 16 granted preliminary approval of a $16 million settlement to be paid by ACT Inc. to end a class complaint alleging disclosure of information regarding certain ACT examinees’ disability status to colleges and scholarship organizations and denying certain examinees with disabilities an equal opportunity to participate in its Educational Opportunity Service (EOS) program (Halie Bloom, et al. v. ACT, Inc., No. 18-6749, C.D. Calif.).
SAN FRANCISCO — Deeming the scope of discovery proposed by Facebook Inc. to be “restrictive” and “limited,” a California federal magistrate judge overseeing discovery in a consolidated class action over Facebook’s sharing of users’ profile data with third-party app developers issued an order on Oct. 29 directing the social network operator to produce data it shared related to users’ activity both on and off of its platform (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).
GREENBELT, Md. — The bellwether plaintiffs in a consolidated class complaint over Marriott International Inc.’s massive four-year data breach have sufficiently pleaded most of their negligence claims against an information technology (IT) company co-defendant that provided services to a Marriott subsidiary, a Maryland federal judge ruled Oct. 26, denying the company’s dismissal motion on five out of six bellwether claims (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 19-2879, D. Md.).
ALEXANDRIA, Va. — The plaintiffs suing Capital One Financial Corp. over its 2019 data breach failed in their bid to obtain further testimony from the credit card issuer’s chief information officer (CIO) on Oct. 16, when a Virginia federal magistrate judge denied their motion to compel answers to deposition questions that they said were wrongly withheld under the bank examination privilege (In re Capital One Customer Data Security Breach Litigation, No. 19-2915, E.D. Va.).
LOS ANGELES — Two days after ruling that FedEx Office and Print Services Inc. is entitled to coverage for underlying class actions alleging that it violated the Fair and Accurate Credit Transactions Act (FACTA), a federal judge in California on Oct. 22 ordered FedEx and its professional solutions insurer to private mediation (FedEx Office and Print Services, Inc. v. Continental Casualty Company, No. 20-4799, C.D. Calif.).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 20 affirmed a federal judge in Nevada’s ruling that Ocwen Loan Servicing LLC did not violate the Fair Credit Reporting Act (FCRA) when accessing credit reports of borrowers whose mortgage loans were discharged in bankruptcy proceedings, finding that the loan servicer obtained the information to determine whether the borrowers were eligible for loss mitigation.
SANTA ANA, Calif. — Seven months after a Pennsylvania man sued a substance abuse rehabilitation facility where he once received treatment, the plaintiff on Oct. 21 filed a notice of voluntary dismissal in California federal court, bringing an end to his privacy and unfair competition claims over a data breach that compromised his personal information (Hector Fuentes v. Sunshine Behavioral Health Group LLC, No. 20-487, C.D. Calif.).
SAN FRANCISCO — The parents of a group of minor plaintiffs who sued over the collection of voice recordings by the “Alexa” digital assistant are attempting to avoid an arbitration requirement by filing suit in their children’s names, Amazon.com Inc. argues in a Sept. 24 reply brief, asking the Ninth Circuit U.S. Court of Appeals to reverse a trial court’s finding that the minors, as nonsignatories, were not bound by the online retailer’s terms of service (TOS) (B.F., et al. v. Amazon.com Inc., et al., No. 20-35359, 9th Cir.).
SAN FRANCISCO — A spyware firm may proceed with its interlocutory appeal of a trial court judge’s ruling that it was not entitled to sovereign immunity in a computer fraud lawsuit a Ninth Circuit U.S. Court of Appeals panel ruled Oct. 16, denying a motion by WhatsApp Inc. to dismiss the appeal for lack of jurisdiction (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir., 2020 U.S. App. LEXIS 32787).
SAN FRANCISCO — A trial court judge correctly found that the distribution of a $13 million settlement fund of a long-running privacy class action over Google LLC’s “Street View” feature would be infeasible, Google and the named plaintiffs argued in their respective appellee briefs on Oct. 13, asking to the Ninth Circuit U.S. Court of Appeals to find that the settlement’s cy pres-only nature was appropriate, despite the representations of an objecting class member (In re Google LLC Street View Electronic Communications Litigation [Benjamin Joffe, et al. v. Google Inc.], No. 20-15616, 9th Cir.).
TACOMA, Wash. — A Washington federal judge on Oct. 16 granted a joint stipulation to file the administrative record in a disability dispute under seal, agreeing with the parties that the need to protect the disability claimant’s privacy is a compelling reason to file the record under seal (Randolff Scott Ruffell Westover v. Life Insurance Company of North America, No. 20-5606, W.D. Wash., 2020 U.S. Dist. LEXIS 192304).
GREENBELT, Md. — A Maryland federal judge on Oct. 14 recommended that Chicago be ordered to provide responses to interrogatories and requests for production (RFPs) served by Marriott International Inc. in a consolidated lawsuit brought by the city and other plaintiffs over a massive data breach experienced by the hotel chain (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
SAN FRANCISCO — Two newly added plaintiffs from the United Kingdom should be dismissed from the consolidated lawsuit over the sharing of social network users’ profile data with third parties, Facebook Inc. argues in an Oct. 13 reply brief, telling a California federal court that applicable forum selection clauses preclude inclusion of the foreign plaintiffs in the putative class action (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).
PEORIA, Ill. — A federal judge in Illinois on Oct. 8 partially granted a motion by a restaurant chain to dismiss or stay a class complaint over its collection of employees biometric data via its timekeeping system and staying proceedings pending arbitration, ruling that the agreement leaves to an arbitrator to decide the enforceability (Austin Kuznik, et al. v. Hooters of America, LLC, et al., No. 20-1255, C.D. Ill., 2020 U.S. Dist. LEXIS 186548).
SAN FRANCISCO — In a Sept. 16 cross-appeal filed in the Ninth Circuit U.S. Court of Appeals, a commercial general liability insurer argues that Yahoo forfeited its claim to $618,380 in attorney fees under Brandt v. Superior Court in their data privacy coverage dispute but defends the lower court’s ruling that the policy’s deductible coverage endorsement is enforceable and precludes coverage for additional damages (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 19-16475, 9th Cir.).
MINNEAPOLIS — A magistrate judge in Minnesota on Oct. 5 said that a settlement conference will be held before him on Oct. 28 in Target’s breach of contract lawsuit seeking coverage for its settlement with a group of financial institutions (FIs) over a 2013 data breach (Target Corp. v. ACE American Insurance Co., et al., No. 0:19-cv-02916, D. Minn.).
CINCINNATI — The Sixth Circuit U.S. Court of Appeals on Oct. 8 denied a mandamus petition by the Ohio Board of Pharmacy (OBOP) to order the opioids multidistrict litigation court to rescind its order to provide the names and addresses of opioid prescribers and dispensers to retail pharmacies in an upcoming bellwether trial (In Re: National Prescription Opiate Litigation [In Re: State of Ohio Board of Pharmacy], No. 20-3875, 6th Cir.).
PORTLAND, Maine— Concluding that state evidentiary law protecting the confidentiality of patient records applies equally to redacted and unredacted records, the Maine Supreme Judicial Court on Sept. 29 reversed a trial court’s order compelling the production of the redacted records of nonparty patients who underwent similar surgical procedures as one at issue in a malpractice suit against a hospital (Estate of Carol A. Kennelly v. Mid Coast Hospital, No. Cum-18-445, Maine Sup., 2020 Me. LEXIS 118).
LOS ANGELES — The health officer for Los Angeles County filed a reply brief in California federal court on Oct. 5 supporting his motion to dismiss a complaint alleging that his order directing county businesses to collect customer information for the purpose of contact tracing in the event of an outbreak of COVID-19 is unconstitutional, arguing that the order was properly issued under governmental emergency powers and that the plaintiffs failed to allege any concrete constitutional harms (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).
SAN FRANCISCO — An insured on Sept. 8 asked the Ninth Circuit U.S. Court of Appeals to reverse a lower federal court's ruling in favor of its insurer in a lawsuit seeking coverage for its alleged "security failure" that was caused by a phishing attack by an unknown perpetrator, contending that a letter demanding monetary relief from one of its clients constituted a "claim" under its "security & privacy risk response" policy (Alorica Inc. v. Starr Surplus Lines Insurance Company, No. 20-55458, 9th Cir.).