We use cookies on this site to enable your digital experience. By continuing to use this site, you are agreeing to our cookie policy. close

Mealey's Data Privacy

  • September 19, 2018

    Settlement Denied, Class Decertified In Neiman Marcus Data Breach Suit

    CHICAGO — An Illinois federal judge on Sept. 17 denied approval of a $1.2 million settlement by Neiman Marcus Group LLC in a data breach lawsuit without prejudice and decertified the settlement class, citing intraclass conflicts (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 14-1735, N.D. Ill., 2018 U.S. Dist. LEXIS 158250).

  • September 19, 2018

    Altaba To Pay $47 Million In Settlement Of All Yahoo Data Breach Claims

    WASHINGTON, D.C. — The rebranded Yahoo Inc. will pay approximately $47 million in a global settlement of all litigation arising from its historic data breach, the company said Sept. 17 in a filing with the Securities and Exchange Commission, which already fined the company $35 million for its handling of the breach.

  • September 13, 2018

    Equifax Says Data Breach Plaintiffs Failed To Plead FCRA, Contract Claims

    ATLANTA — In a Sept. 12 reply brief supporting its motion to dismiss a consolidated class action over its 2017 data breach, Equifax Inc. tells a Georgia federal court that a group of consumer plaintiffs did not plead necessary elements of their contract, negligence and Fair Credit Reporting Act (FCRA) claims, also asserting that a host of claims brought under other states’ laws cannot apply to conduct that occurred only in Georgia (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • September 12, 2018

    Plaintiffs Seek Sanctions For Premera’s Spoliation In Data Breach Suit

    PORTLAND, Ore. — The plaintiffs in a putative class action against Premera Blue Cross over a 2014 data breach filed a motion Aug. 30 for sanctions for discovery misconduct in Oregon federal court, claiming that the insurer willfully spoliated evidence that the hackers exfiltrated policyholders’ data (In Re:  Premera Blue Cross Customer Data Security Breach Litigation, No. 3:15-md-02633, D. Ore.).

  • September 11, 2018

    Withheld NSA Documents Ruled Privileged In Wikimedia Upstream Surveillance Suit

    BALTIMORE — Concluding that an in camera review provision in the Foreign Intelligence Surveillance Act (FISA) does not apply, a Maryland federal judge on Aug. 20 denied a motion by Wikimedia Foundation to compel documents withheld from discovery by the National Security Agency (NSA) in a lawsuit over purported constitutional violations in the agency’s upstream surveillance activities (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md., 2018 U.S. Dist. LEXIS 141418).

  • September 10, 2018

    Google Asks 9th Circuit To Dismiss, Remand Appeal Over Foreign-Stored Emails

    SAN FRANCISCO — Citing the U.S. Supreme Court’s disposal of a similar case as moot in light of recent legislation, Google LLC on Sept. 7 moved for the Ninth Circuit U.S. Court of Appeals to dismiss and remand its presently stayed appeal of a trial court order requiring the company to comply with a governmental warrant seeking production of emails stored outside the United States (In re:  Search of Content That is Stored at Premises Controlled by Google, No. 17-17393, 9th Cir.).

  • September 7, 2018

    Divided Argument Sought, Amicus Briefs Filed In Google Privacy Cy Pres Suit

    WASHINGTON, D.C. — The same day that 13 amicus curiae briefs were filed supporting a cy pres settlement in a privacy class action over Google LLC’s sharing of referrer header information, both the respondents and the federal government filed briefs with the U.S. Supreme Court Sept. 5, requesting that the Oct. 31 oral arguments be divided (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • September 6, 2018

    Zappos Asks High Court To Address Article III Standard For Data Breach Suits

    WASHINGTON, D.C. — Online retailer Zappos.com Inc. filed a petition for certiorari on Aug. 20, urging the U.S. Supreme Court to address a deepening circuit split on the “recurring and important issue” of what constitutes whether a concrete injury sufficient to confer an individual whose personally identifiable information (PII) was compromised in a data breach with standing to sue the breached business under Article III of the U.S. Constitution (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).

  • September 5, 2018

    Nonmonetary Class Claims Settled In TurboTax Data Theft Suit

    SAN JOSE, Calif. — Three months after most of the asserted class claims against Intuit Inc. were dismissed, the plaintiffs in a putative class action over 2014 data theft incidents associated with the TurboTax line of tax preparation software filed a motion in California federal court Aug. 23 seeking preliminary approval of a settlement that would dispose of nonmonetary claims, while permitting class members to pursue claims over actual damages from fraudulent tax return filings (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).

  • September 4, 2018

    Employee: Supreme Court Lacks Jurisdiction To Hear Federal Arbitration Act Appeal

    WASHINGTON, D.C. — The U.S. Supreme Court has no jurisdiction to hear an employer’s appeal of a class arbitration ruling because the original, two-part decision by the trial court was not appealable; however, if the high court decides to reach the merits, it should hold that the Federal Arbitration Act (FAA) doesn’t preempt state law, an employee argues in his respondent brief filed Aug. 30 in the high court (Lamps Plus, Inc., et al. v. Frank Varela, No. 17-988, U.S. Sup.).

  • September 4, 2018

    Google, Privacy Class Defend Cy Pres Settlement In Supreme Court Briefs

    WASHINGTON, D.C. — In a pair of Aug. 29 respondent briefs, Google LLC and a class with which it settled privacy claims tell the U.S. Supreme Court that cy pres settlements, when subject to certain guidelines, are a useful way to settle certain class actions, like the one below, in which distribution of funds to class members is infeasible (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).

  • August 27, 2018

    6th Circuit Upholds Use Of Cell Tower Expert Testimony In Robbery Case

    CINCINNATI — The admittance of expert testimony on the use of cell tower data to track mobile phones of robbery suspects does not taint the convictions of the suspects enough to overcome the wealth of other evidence against them, the Sixth Circuit U.S. Court of Appeals held Aug. 23 (United States v. Shawn Pearson, et al., Nos. 17-1724, 17-1962, 6th Cir., 2018 U.S. App. LEXIS 23797).

  • August 27, 2018

    Southwest Workers’ Biometric Data Class Suit Is Dismissed For Improper Venue

    CHICAGO — An Illinois federal judge on Aug. 23 dismissed a class complaint by airline workers suing over the collection of their biometric data, ruling that their claims are preempted by the Railway Labor Act (RLA) and must be submitted to arbitration (Jennifer Miller, et al. v. Southwest Airlines Co., No. 18-86, N.D. Ill.).

  • August 24, 2018

    Credit Union Must Produce Factual Work Product In Eddie Bauer Data Breach Suit

    SEATTLE — Determining that a credit union placed its communications with certain technical witnesses at issue by citing them in its complaint over Eddie Bauer LLC’s data breach, a Washington federal judge on Aug. 23 deemed the work product privilege waived, leading him to grant in part the retailer’s motion to compel (Veridian Credit Union v. Eddie Bauer LLC, No. 2:17-cv-00356, W.D. Wash., 2018 U.S. Dist. LEXIS 143788).

  • August 22, 2018

    Chipotle, Plaintiffs Object To Magistrate’s Recommendations In Data Breach Suit

    DENVER — Two weeks after a Colorado federal magistrate judge recommended granting in part Chipotle Mexican Grill Inc.’s motion to dismiss a putative class action over a 2017 data breach, both the restaurant chain and the plaintiffs filed objections Aug. 15, raising arguments related to injury, choice of law and the economic-loss doctrine (Todd Gordon, et al. v. Chipotle Mexican Grill Inc., No. 1:17-cv-01415, D. Colo.).

  • August 22, 2018

    California High Court Finds 2 Statutes Applying To Background Checks May Coexist

    SAN FRANCISCO — Two California statutes that apply to background checks performed on school bus drivers may “coexist because both acts are sufficiently clear” and any partial overlap does not render either “superfluous” or “unconstitutionally vague” as each statute “regulates information that the other does not,” the California Supreme Court ruled Aug. 20 (Eileen Connor v. First Student, Inc., et al., No. S229428, Calif. Sup., 2018 Cal. LEXIS 6266).

  • August 22, 2018

    7th Circuit: Smart Meter Data Collection Is 4th Amendment Search, But Reasonable

    CHICAGO — Although a Seventh Circuit U.S. Court of Appeals panel on Aug. 16 found that electric usage data collection via smart meters qualifies as a search under the Fourth Amendment to the U.S. Constitution, it found such a search to be reasonable, and not requiring a warrant, because the data collection is of substantial interest to the Naperville, Ill., government (Naperville Smart Meter Awareness v. City of Naperville, No. 16-3766, 7th Cir., 2018 U.S. App. LEXIS 22834).

  • August 21, 2018

    Google Sued For Tracking Smartphones Despite Disabled Location History

    SAN FRANCISCO — Google Inc. was hit with a putative class complaint in California federal court Aug. 17 for “the surreptitious location tracking of millions of mobile phone users,” which a smartphone user says is contrary to the tech giant’s representations that users could opt out of such tracking via privacy settings on their devices (Napoleon Patacsil v. Google Inc., No. 3:18-cv-05062, N.D. Calif.).

  • August 20, 2018

    J. Crew Tells 3rd Circuit FACTA Receipt Suit Based On Conjectural Harm

    PHILADELPHIA — Calling a plaintiff’s citation of additional authority inapplicable, J. Crew Group Inc. took the opportunity in an Aug. 16 response brief to highlight a recent ruling that it says bolsters its position that the suing customer has not established harm under the Fair and Accurate Credit Transactions Act (FACTA) because he did not allege that the credit card number digits printed on retail receipts were intercepted by anyone (Ahmed Kamal v. J. Crew Group Inc., et al., No. 17-2345 and 17-2453, 3rd Cir.).

  • August 20, 2018

    Consumer Plaintiffs Oppose Dismissal In Equifax Data Breach Suit

    ATLANTA — Asserting that they adequately pleaded such elements as injury, a contractual relationship, legal duties and misrepresentations, a putative class of consumer plaintiffs in an Aug. 13 brief in Georgia federal court oppose a motion by Equifax Inc. to dismiss their complaint over the credit reporting agency’s 2017 data breach (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).