Newsletter RSS

Mealey's Data Privacy

  • October 03, 2024

    Vermont Health Provider Pays $540,000 To Settle Data Breach Class Claims

    BURLINGTON, Vt. — A federal judge in Vermont granted final approval of a $540,000 settlement to be paid by an integrated health provider in that state, ending a class suit by a patient over a 2022 data breach that allegedly exposed the personal information of more than 60,000 people.

  • October 02, 2024

    Judge Partly Dismisses Hunter Biden’s Suit Against IRS, Won’t Let Agents Intervene

    WASHINGTON, D.C. — A District of Columbia federal judge partly granted the United States and U.S. Internal Revenue Service’s motion to dismiss claims brought against them by Hunter Biden for failure to protect the privacy of his tax returns, but declined to dismiss Biden’s claim for damages and denied a motion to intervene filed by two IRS agents who were involved in the disclosure of Biden’s tax information.

  • October 01, 2024

    Judge Dismisses Suit Disputing Coverage For BIPA Claims Over AI Food Phone Orders

    CHICAGO — Following receipt of a businessowners insurer’s notice of voluntary dismissal, a federal judge in Illinois dismissed the insurer’s lawsuit seeking a declaratory judgment that it owes no coverage for two underlying putative class action lawsuits alleging that its insured and two franchise restaurants violated the Illinois Biometric Information Privacy Act (BIPA) when they used the insured’s voice artificial intelligence technology to handle phone orders from customers.

  • September 27, 2024

    Plaintiff Consents To Hacked Facebook Accounts Suit Being Heard By Magistrate

    SAN FRANCISCO — A plaintiff bringing a putative class action against Meta Platforms Inc. in California federal court for breach of contract and violation of California’s unfair competition law (UCL) due to it allegedly allowing “hackers to abscond with hundreds of thousands of Facebook accounts” while barring hacked users from regaining access to their accounts consented to magistrate jurisdiction over the suit on Sept. 26.

  • September 26, 2024

    In Camera Review Showed Amazon Used Privilege Designation Too Broadly

    SEATTLE — Saying that almost 80% of the documents produced for in camera review “were improperly designated or over-designated as” subject to attorney-client privilege, a Washington federal judge ordered Amazon.com Inc. to make a variety of productions to plaintiffs who sued it over the unauthorized recording and retention of private conversations.

  • September 25, 2024

    Plaintiffs, Google Update Status Of Suit Over $5.5M Cookie Privacy Suit Settlement

    WILMINGTON, Del. — Following the lifting of a stay in a lawsuit where the plaintiffs sued Google LLC for purported privacy violations, the parties filed a joint status report in a Delaware federal court saying the 12-year-old case is “essentially at the same procedural posture as in 2015” after the court denied final approval of a $5.5 million settlement.  The plaintiffs noted that they have prepared discovery to address class issues and proceed to class certification, asserting that if they are able to demonstrate that the putative class is ascertainable, then the settlement should be granted final approval.

  • September 25, 2024

    Investors, Facebook Agree On Risk Question, Disagree On What High Court Should Do

    WASHINGTON, D.C. — Meta Platforms Inc., formerly Facebook Inc., investors tell the U.S. Supreme Court in a Sept. 24 respondent brief that they agree with Facebook as to the answer to the limited question before the justices regarding disclosure of immaterial past risks but argue that the Ninth Circuit U.S. Court of Appeals’ ruling should be upheld as it was correct when it opined that Facebook issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred.

  • September 25, 2024

    Most Claims Survive Dismissal In Forta Data Breach MDL Case

    MIAMI — Ruling that the plaintiffs in a consolidated putative class action arising from a 2023 data security breach adequately allege standing, a Florida federal judge granted dismissal for failure to state a claim only as to all or part of 11 of the 27 claims; he said he would allow repleading on four of the claims, but the plaintiffs opted to forgo repleading.

  • September 25, 2024

    Judge Dismisses ‘Magic Avatars’ AI Biometric Data Case After Period To Amend Ends

    CHICAGO — A federal judge in Illinois dismissed an action in which a man claimed that his photographs and other biometric information are included in datasets used to train a third-party artificial intelligence that powers an image rendering application after the man failed to file an amended complaint in the wake of dismissal of his action.

  • September 24, 2024

    Google Partially Granted Summary Judgment In Ovulation Tracking App Suit

    SAN FRANCISCO — Female consumers who used the Flo Period & Ovulation Tracker app and are now suing the app creator and third parties for privacy and contract violations as well as unfair competition law (UCL) claims under California law abandoned their defense of their UCL claims against Google LLC and failed to show that Google has actual knowledge of the alleged practices, a federal judge in California ruled Sept. 23, partially granting Google’s motion for summary judgment.

  • September 24, 2024

    Data Breach Class Suit Against Casino Operator May Proceed, Judge Rules

    LAS VEGAS — A Nevada federal judge granted in part and denied in part a casino operator’s motion to dismiss putative class action claims against it for negligence, violation of California’s unfair competition law (UCL) and other statutes on behalf of a nationwide class and a California subclass in relation to a 2022 breach of its servers that led to the leak of more than 200,000 people’s personal identifying information (PII).

  • September 19, 2024

    5th Circuit Dismisses Government’s Appeal In Health Information Privacy Row

    NEW ORLEANS — The Fifth Circuit U.S. Court of Appeals dismissed the government’s appeal of a Texas federal judge’s ruling that two hospitals and two hospital associations were correct that  a standard established in two recent U.S. Department of Health and Human Services (HHS) subagency bulletins for determining when online tracking technology has unlawfully gathered internet users’ individually identifiable health information (IIHI) exceeded HHS’s authority, after the government moved to voluntarily dismiss its appeal.

  • September 19, 2024

    Judge Approves $6.5M Settlement For Breach Of Prisoners’ Health Data

    LEXINGTON, Ky. — A Kentucky federal judge on Sept. 17 granted final approval of a nearly $6.5 million class action settlement including $2.1 million in attorney fees against a claims administrator for correctional facilities for a 2022 data breach that led to the personal health data of nearly 600,000 people being posted online.

  • September 19, 2024

    Preliminary Approval Of Settlement Granted In Payroll Processor Data Breach Suit

    LOS ANGELES — A California state court judge granted preliminary approval of a settlement in a putative class action suit against an entertainment industry payroll processor whose alleged failure to implement cybersecurity measures to protect the plaintiffs’ personally identifiable information (PII) resulted in a data breach impacting more than 450,000 individuals, staying litigation in the case pending final approval of the settlement.

  • September 19, 2024

    Sending Google Settlement Funds To Only Cy Pres Groups ‘Legal Error,’ Objectors Say

    SAN FRANCISCO — Approval of a plan to distribute most of a $62 million settlement in a consolidated class action over Google Inc.’s collection of users’ location data to cy pres organizations while class members receive nothing runs afoul of a revised rule of federal procedure, warranting reversal and remand, three settlement objectors tell the Ninth Circuit U.S. Court of Appeals in their opening brief.

  • September 19, 2024

    Failure To Allege NFL Prerecorded Videos Were Viewed Deemed ‘Fatal’ To VPPA Claim

    NEW YORK — A federal judge in New York dismissed a putative class complaint accusing the National Football League of violating the Video Privacy Protection Act (VPPA) by sharing personal data about users of the NFL’s website, mobile application and video service with a third party, opining that the lead plaintiff’s failure to allege that prerecorded videos were viewed was “fatal” to the complaint.

  • September 19, 2024

    Planned Parenthood’s $6M Data Breach Class Settlement Given Final OK

    LOS ANGELES — A $6 million settlement by Planned Parenthood Los Angeles (PPLA) to end a consolidated class complaint accusing the reproductive health care provider of failing to protect patients’ personally identifiable information and protected health information from being accessed and stolen was granted final approval by a California judge, following the submission of additional documentation.

  • September 18, 2024

    Class Action Alleges Insurance Provider Negligently Failed To Prevent Data Breach

    NEW YORK —A class action complaint was filed in a New York federal court against a financial organization that offers insurance, retirement and investment services primarily to teachers, alleging that the defendant failed to prevent a May 2023 data breach that resulted in the theft of the personally identifiable information (PII) of its current and former clients.

  • September 17, 2024

    New Mexico Officials Appeal Ruling That Voter Data Was Wrongfully Withheld

    ALBUQUERQUE, N.M. — New Mexico’s attorney general and secretary of state filed a notice of appeal to the 10th Circuit U.S. Court of Appeals following a New Mexico federal judge’s ruling that the state violated the rights of a nonprofit voter participation organization under the First Amendment to the U.S. Constitution by withholding publicly available state voter data from the nonprofit organization.

  • September 17, 2024

    23andMe Asks MDL Judge To Approve $30M Data Breach Settlement

    SAN FRANCISCO — Genetic data company 23andMe Inc. filed a brief urging the U.S. District Court for the Northern District of California to grant preliminary approval to a $30 million settlement to resolve claims in a multidistrict litigation brought by plaintiffs whose genetic data on 23andMe’s website was hacked and offered for sale online and asking the court to enjoin separate litigation and arbitrations brought against it for the breach that it says could “jeopardize . . . the Settlement.”

  • September 17, 2024

    Pa. Health Provider’s $65M Data Breach Settlement Granted Preliminary Approval

    SCRANTON, Pa. — A Pennsylvania judge granted preliminary approval of a $65 million settlement to be paid by Lehigh Valley Health Network Inc. (LVHN) to end a class complaint alleging that a February 2023 data breach resulted in the disclosure of personal information and medical records, including nude photographs.

  • September 16, 2024

    Reconsideration Denied On Issue Of Mitigation Costs In Plaintiffs’ Data Breach Suit

    WASHINGTON, D.C. — A District of Columbia federal judge denied a motion for reconsideration and motion for leave to file an interlocutory appeal filed by plaintiff policyholders whose personally identifiable information (PII) was stolen in a 2014 data breach because the finding that mitigation costs are not recoverable in a breach of contract action under District of Columbia law has been the law of the case since 2019.

  • September 13, 2024

    Judge Grants Injunction In 1st Amendment Row Over Utah Social Media Moderation Law

    SALT LAKE CITY — In a decision addressing two cases challenging Utah state legislation to moderate social media content for minors, a Utah federal judge in the first case granted a preliminary injunction to an internet trade association company seeking to prevent enforcement of the legislation, finding that the trade association is likely to succeed on the merits of its claim that the law violates the First and 14th amendments to the U.S. Constitution.

  • September 13, 2024

    Utah Judge Rules For Insurer In Coverage Dispute Over Ill. BIPA Violation Claims

    SALT LAKE CITY — A Utah judge entered judgment in favor of a general liability insurer in its declaratory judgment lawsuit disputing coverage for an underlying action alleging its insured violated the Illinois Biometric Information Privacy Act (BIPA), finding that various policy exclusions bar coverage.

  • September 13, 2024

    Judge Finds Jurisdiction, Standing In Medical Provider Data Breach Class Action

    SHERMAN, Texas — Plaintiffs who claim to have suffered loss of value in data and emotional distress from a breach of personal information at a medical provider’s practice correctly sued in federal court because they have standing and have adequately linked their damages to the breach, a federal judge in Texas said in partly denying and partly granting the provider’s motion to dismiss.