SAN FRANCISCO — In a Dec. 5 brief opposing a rehearing petition filed by two electronic communication service providers (ECSPs), U.S. Attorney General Jefferson B. Sessions III maintains that the Ninth Circuit U.S. Court of Appeals correctly found that nondisclosure requirements of national security letters (NSLs) served by the Federal Bureau of Investigation in connection with counterterrorism efforts satisfy the strict scrutiny standards of First Amendment to the U.S. Constitution (In re: National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).
WASHINGTON, D.C. — Less than two years after the U.S. Supreme Court ruled on the concrete injury requirement to establish standing under Article III of the U.S. Constitution in a lawsuit over alleged violation of the Fair Credit Reporting Act (FCRA), the data aggregator defendant filed a renewed petition for certiorari Dec. 4, citing conflicting lower court interpretations of the prior ruling and a remand ruling by the Ninth Circuit U.S. Court of Appeals that it says undermines the 2016 decision (Spokeo Inc. v. Thomas Robins, No. 17-806, U.S. Sup.).
NEW YORK — An insurer asked the Second Circuit U.S. Court of Appeals on Dec. 5 to reverse a lower court’s finding that coverage for a firm's multimillion-dollar loss due to a fraudulent wire transfer scheme existed under the computer fraud provision of the company's executive protection insurance policy (Medidata Solutions Inc. v. Federal Insurance Co., No. 17-2492, 2nd Cir.).
MONTGOMERY, Ala. — An Alabama federal judge on Dec. 1 granted the U.S. government’s motion to reconsider limitations that were previously imposed on search methods to be used with certain email accounts, with the judge concluding that the specifics of the case require flexibility with the usual particularity requirements for warrants required by the Fourth Amendment to the U.S. Constitution (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala.).
WASHINGTON, D.C. — The Office of Inspector General (OIG) on Nov. 28 rescinded a 2006 advisory opinion for the drug patient assistance program Caring Voice Coalition Inc. after determining that the program provided patient-specific data to one or more supporting drug companies, according to an OIG letter and a company statement.
SEATTLE — One week after Uber Technologies Inc. revealed a massive data breach that went unreported for a year, Washington Attorney General (AG) Robert W. Ferguson filed suit against the ride-hailing firm in Washington state court for violating the state’s Consumer Protection Act (CPA) (Washington v. Uber Technologies Inc., No. NA, Wash. Super., King Co.).
PASADENA, Calif. — A plaintiff failed to properly plead a violation of the Video Privacy Protection Act (VPPA) by ESPN Inc., a Ninth Circuit U.S. Court of Appeals panel ruled Nov. 29, finding that user data purportedly shared by ESPN via its app did not qualify as personally identifiable information (PII) (Chad Eichenberger v. ESPN Inc., No. 15-35449, 9th Cir.).
WASHINGTON, D.C. — The U.S. Supreme Court heard arguments Nov. 29 on implications under the Fourth Amendment to the U.S. Constitution over the government’s collection of historical cell site location information (CSLI) records via an order issued under the Stored Communications Act (SCA), with the parties debating the expectation of privacy in such records and the application of decades-old legislation and case law to situations involving modern technology (Timothy Ivory Carpenter v. United States of America, No. 16-402, U.S. Sup.).
OAKLAND, Calif. — A California federal judge on Nov. 28 denied the U.S. government’s motion to reconsider a ruling in which she found possible constitutional violations in the FBI’s prohibiting Twitter Inc. from publicly reporting on its involvement in the bureau’s surveillance program, holding that a subsequent Ninth Circuit U.S. Court of Appeals ruling on national security letters (NSLs) did not alter controlling law or compel reconsideration (Twitter Inc. v. Jefferson B. Sessions III, et al., No. 4:14-cv-04480, N.D. Calif., 2017 U.S. Dist. LEXIS 195360).
TAMPA, Fla. — A Florida federal judge on Nov. 17 held that a commercial general liability insurer has no duty to defend against a putative class action alleging that an insured failed to adequately protect the plaintiffs’ personal private information (PPI) and timely disclose a data breach to end users (Innovak International Inc. v. The Hanover Insurance Co., No. 16-2453, M.D. Fla., 2017 U.S. Dist. LEXIS 191271).
PITTSBURGH — In a Nov. 27 brief, a Pittsburgh area hospital asks the Pennsylvania Supreme Court to affirm rulings by a trial and appeals court that a negligence suit brought after a breach of its network is precluded by the economic loss doctrine due to the attenuated nature of the claimed damages, as well as the lack of a statutory duty to provide foolproof protection of electronically stored information (ESI) (Barbara A. Dittman, et al. v. UPMC, et al., No. 43 WAP 2017, Pa. Sup.).
NEW YORK — Mostly affirming a trial court’s dismissal ruling, a Second Circuit U.S. Court of Appeals panel on Nov. 21 held that the lead plaintiffs in a class action alleging violation of an Illinois biometrics statute failed to establish any concrete harm from a software firm’s use of their facial scans in basketball video games, thus defeating their standing under Article III of the U.S. Constitution (Ricardo Vigil, et al. v. Take-Two Interactive Software Inc., No. 17-303, 2nd Cir., 2017 U.S. App. LEXIS 23446).
LOS ANGELES — The same day Uber Technologies Inc. revealed in a Nov. 21 statement that it had experienced a data breach in late 2016, a class action complaint was filed against the ride-hailing firm in California federal court, alleging negligence, invasion of privacy and unfair competition (Alejandro Flores v. Rasier LLC, et al., No. 2:17-cv-08503, C.D. Calif.).
CHARLOTTE, N.C. — An insurer has no duty to defend its insured in two underlying class actions alleging violations of the federal Driver’s Privacy Protection Act (DPPA) because the business liability policy’s statutory violation exclusion clearly bars coverage, a North Carolina federal judge said Nov. 17 in granting the insurer’s motion for judgment on the pleadings (Hartford Casualty Insurance Co. v. Ted A. Greve & Associates, P.A., et al., No. 17-183, W.D. N.C., 2017 U.S. Dist. LEXIS 190603).
ST. LOUIS — Following a Nov. 20 fairness hearing, a Missouri federal judge issued an order that same day granting final approval to an $11.2 million settlement between the operators of the Ashley Madison website and users of the site whose personally identifiable information (PII) was exposed in a 2015 data breach, with the judge deeming the settlement “to be the product of thorough, serious, informed, and non-collusive negotiations” (In re Ashley Madison Customer Data Security Breach Litigation, No. 4:15-cv-02669, E.D. Mo.).
WASHINGTON, D.C. — A health insurer on Oct. 30 filed a petition for certiorari urging the U.S. Supreme Court to provide guidance as to what constitutes an “imminent” injury to support a plaintiff’s standing under Article III of the U.S. Constitution to file suit after a data breach (CareFirst Inc., et al. v. Chantal Attias, et al., No. 17-641, U.S. Sup.).
MONTGOMERY, Ala. — Responding to the U.S. government’s objection to a court-imposed requirement that keyword searches be utilized in searching email accounts targeted by warrants, an Alabama federal judge on Nov. 17 directed the government to submit a brief explaining the search framework it would rather use (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala.).
SAN JOSE, Calif. — In the wake of orders partly dismissing their claims and compelling arbitration of some parties’ claims, the plaintiffs in a putative class action against Intuit Inc. filed an amended complaint in California federal court Nov. 17, restating negligence and unfair competition claims related to the filing of fraudulent tax returns by criminals that exploited purported lax security in Intuit’s TurboTax software (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).
COLUMBUS, Ohio — Asserting that they properly pleaded their bailment claim against Nationwide Mutual Insurance Co. related to a 2012 data breach, two policyholders filed an objection in Ohio federal court Nov. 14 to a magistrate’s dismissal recommendation (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 2:13-cv-00118, S.D. Ohio).