Mealey's Data Privacy

  • July 08, 2020

    Magistrate Declines To Compel Biometric Unlocking Of Devices By Warrant

    LEXINGTON, Ky. — Although a Kentucky federal magistrate judge concluded that a search warrant compelling an individual to unlock an electronic device via a biometric input can comport with the protections of the Fourth Amendment to the U.S. Constitution, the magistrate in a July 2 ruling declined to compel such production in a warrant requested by the federal government because the application did not establish the necessary reasonable suspicion (In re Search Warrant No. 5165, No. 5:20-mj-05165, E.D. Ky., 2020 U.S. Dist. LEXIS 117049).

  • July 07, 2020

    Yahoo Claims District Court Erred In Enforcing Deductible Coverage Endorsement

    SAN FRANCISCO — A California federal judge erred in allowing a commercial general liability insurer to enforce its policy’s deductible coverage endorsement because enforcing the endorsement in the data privacy coverage dispute ignores the plan language of the policy, the insured contends in a May 18 brief to the Ninth Circuit U.S. Court of Appeals (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 19-16475, 9th Cir.).

  • July 07, 2020

    AT&T, Customers Argue Jurisdictional Discovery Scope In Location Data Sharing Row

    SAN FRANCISCO — In a July 1 joint discovery letter, three AT&T Services Inc. customers ask a California federal court to compel the wireless carrier to provide documents regarding details of its now-discontinued practice of sharing customers’ geolocation data with third parties, arguing that such information is necessary to establish the risk of future harm to respond to AT&T’s assertion that they lack jurisdiction to bring their putative privacy and consumer class claims (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).

  • July 06, 2020

    Rehab Facility Moves To Arbitrate Patient’s Lawsuit Over Data Breach

    SANTA ANA, Calif. — The operator of a chain of substance abuse rehabilitation facilities filed a motion in California federal court on June 30 to compel arbitration of privacy and negligence claims brought against it by a former patient over a 2019 data breach, arguing that a contractual provision mandated that his claims be resolved via arbitration rather than litigation (Hector Fuentes v. Sunshine Behavioral Health Group LLC, No. 8:20-cv-00487, C.D. Calif.).

  • July 02, 2020

    Banks’ Negligence Claim Over Sonic Data Breach Survives Dismissal

    CLEVELAND — Partly denying a motion to dismiss putative class claims brought by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp., an Ohio federal judge on July 1 found that the FIs sufficiently alleged that the fast food chain acted affirmatively in not updating the data security systems for the franchises that were affected by the breach (In re:  Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio, 2020 U.S. Dist. LEXIS 114891).

  • July 01, 2020

    Kentucky Federal Judge Dismisses Suit Over Theft Of Employees’ Personal Data

    COVINGTON, Ky. — A federal judge in Kentucky on June 26 dismissed two class claims under the Fair Credit Reporting Act (FCRA) brought against employers by employees after their personal information was stolen, finding that the employers are not consumer reporting agencies (CRAs), and declined to exercise supplemental jurisdiction over state law claims (Keram J. Christensen, et al. v. Saint Elizabeth Medical Center, Inc., et al., No. 19-43, E.D. Ky., 2020 U.S. Dist. LEXIS 112353).

  • July 01, 2020

    Georgia Hospital Employees Allege COVID-19 Testing Manipulation, Seek TRO

    LAWRENCEVILLE, Ga. — An Athens, Ga., hospital is manipulating COVID-19 tests to obtain “false negative” results to keep space for new admissions and avoid negative publicity and oversight, four current and former employees allege in an amended petition for an emergency temporary restraining order (TRO) and interlocutory injunction filed June 22 in a Georgia state court (Jane Doe 1, et al. v. Landmark Hospital of Athens, LLC, No. 20-A-04131-3, Ga. Super., Gwinnett Co.).

  • June 30, 2020

    Analytics Firm Opposes LinkedIn’s Certiorari Bid, Defends Antitrust Claims

    WASHINGTON, D.C. — The collection of publicly available data from a website does not violate the Computer Fraud and Abuse Act (CFAA), a data analytics firm tells the U.S. Supreme Court in a June 25 brief opposing LinkedIn Corp.’s petition for certiorari over an injunction preventing the professional network operator from blocking such data collection (LinkedIn Corp. v. hiQ Labs Inc., No. 19-1116, U.S. Sup.).

  • June 25, 2020

    New Jersey High Court: Bathroom Spycam Plaintiffs Did Not Establish Recording

    TRENTON, N.J. — Although the New Jersey Supreme Court found that women suing over a janitor’s use of hidden cameras were not required to provide proof that they were actually filmed to support a claim for intrusion on seclusion, the state high court on June 16 ruled that they failed to provide sufficient evidence to establish a reasonable inference that they used the particular bathrooms where the filming occurred (Jaime Friedman, et al. v. Teodoro Martinez, et al., No. A-37/81, N.J. Sup., 2020 N.J. LEXIS 678).

  • June 24, 2020

    Insurer Seeks Protective Order From Officer’s Deposition In Data Breach Suit

    ROCHESTER, N.Y. — A health insurance provider that has been sued by a group of its policyholders over a 2013 data breach moved for a protective order in New York federal court on June 16, seeking to prevent the plaintiffs from deposing its chief information officer (CIO) for a third time (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y.).

  • June 24, 2020

    9th Circuit Won’t Rehear Privacy, Wiretap Claims Over Facebook’s Internet Tracking

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel’s reversal of the dismissal of some privacy and intrusion class claims against Facebook Inc. will stand, the panel decided June 23 as it denied the social network’s petition for rehearing in a lawsuit over Facebook’s tracking of users’ internet activity after they have logged out of their account (In re:  Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir.).

  • June 23, 2020

    Personal Data Is Not A ‘Plan Asset,’ Fidelity Says In Bid To Toss ERISA Claims

    GALVESTON, Texas — In a June 15 motion to exit a dispute over the management of an ERISA-governed plan for Shell Oil Co. employees, a group of Fidelity-related companies argue that claims that it violated fiduciary duties and committed prohibited transactions as the plan’s record-keeper by marketing product to participants rest on the “faulty premise” that participants’ personal data is a plan asset (Charles Harmon v. Shell Oil Co., No. 3:20cv21, S.D. Texas).

  • June 23, 2020

    Comcast, Customer Debate Arbitration Clause In 9th Circuit Privacy Lawsuit

    PORTLAND, Ore. — In a June 18 brief responding to citation of additional authority by a subscriber who alleges privacy violations against it, Comcast Cable Communications LLC tells the Ninth Circuit U.S. Court of Appeals that a recent ruling regarding the so-called McGill rule related to contractual arbitration provisions does not support a trial court’s finding that the company’s arbitration requirement for customer disputes was invalid (Brandon Hodges v. Comcast Cable Communications LLC, No. 19-16483, 9th Cir.).

  • June 19, 2020

    FDIC Seeks Reconsideration Of Privilege Ruling In Capital One Data Breach Suit

    ALEXANDRIA, Va. — The Federal Deposit Insurance Corp. on June 16 asked a Virginia federal court to reconsider a ruling in which it denied the agency’s motion to intervene in a discovery matter in a multidistrict litigation over a 2019 data breach experienced by Capital One Financial Corp., contending that it is entitled to defend as privileged certain documents requested by the plaintiffs (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).

  • June 18, 2020

    Magistrate Finds Attorney Fees Not Merited In FOIA Suit Over Facebook Reports

    WASHINGTON, D.C. — A civil liberties organization that sued the Federal Trade Commission under the Freedom of Information Act (FOIA) regarding documents filed with the commission by Facebook Inc. over its data privacy practices received an unfavorable ruling in its quest for attorney fees on June 16 by a District of Columbia federal magistrate judge, who opined in a report and recommendation that the plaintiff did not establish entitlement to fees under the catalyst theory of causation (Electronic Privacy Information Center v. Federal Trade Commission, No. 1:18-cv-00942, D. D.C.).

  • June 15, 2020

    Airbnb Announces Revised Record Submission Law, Settlement With New York

    NEW YORK — An enjoined New York City ordinance that required online home-sharing platform operators to submit certain homeowner data to the city will be revised in accordance with the city’s settlement of a lawsuit filed by Airbnb Inc. under the Fourth Amendment to the U.S. Constitution, the parties reported in a June 12 letter motion seeking a stay of proceedings in New York federal court (Airbnb Inc. v.  New York, No. 1:18-cv-07712; HomeAway.com Inc. v.  New York, No. 1:18-cv-07742, S.D. N.Y.).

  • June 15, 2020

    Banks’ $5.5 Million Settlement Over Equifax Data Breach Preliminarily Approved

    ATLANTA — Three weeks after a group of financial institutions (FIs) announced a $5.5 million settlement with Equifax Inc. over the credit-reporting giant’s 2017 data breach, a Georgia federal judge on June 4 granted preliminary approval to the agreement as being “fair, reasonable, and adequate” and greenlighting the class notification program (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-02800, N.D. Ga.).

  • June 12, 2020

    Facebook Needn’t Produce Full Messenger Source Code In Data-Scraping Suit

    SAN FRANCISCO — A discovery request for all source code related to Facebook Inc.’s Messenger app was deemed too broad by a California federal magistrate judge, who on June 11 instead directed the social network to just submit source code related to the app’s features at issue in the privacy and data access claims over data-scraping activities carried out by the app (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).

  • June 09, 2020

    1st Circuit:  Call Interception Violation Under Wiretap Act Must Be Intentional

    BOSTON— Affirming a trial court’s ruling that reversed the quashing of a subpoena for recordings of an employee’s phone calls, a First Circuit U.S. Court of Appeals panel on June 5 found that the calls were recorded unintentionally and thus did not run afoul of the prohibitions of the Federal Wiretap Act (In re HIPAA Subpoena, No. 19-1424, 1st Cir.).

  • June 09, 2020

    Coverage Not Barred By Invasion Of Privacy Exclusion, Assignee Says To 11th Circuit

    ATLANTA — An insured’s assignee recently asked the 11th Circuit U.S. Court of Appeals to reverse a federal district court’s finding that coverage for an underlying $60,413,112 consent judgment entered against the insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy's “invasion of privacy” exclusion (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No. 19-12525, 11th Cir.).