Newsletter RSS

Mealey's Data Privacy

  • February 05, 2025

    FBI Workers Involved In Trump Cases File 2 Suits To Keep Identities Private

    WASHINGTON, D.C. — Two complaints, one of which is a putative class action, and two motions for temporary restraining orders (TROs) were filed Feb. 4 by current and former employees of the Federal Bureau of Investigation and the Federal Bureau of Investigation Agents Association (FBIAA) in a federal court in the District of Columbia seeking to stop the publication or dissemination of a list allegedly being compiled of FBI employees who were involved in investigating two events involving President Donald J. Trump; the complaints allege that releasing the workers’ identifies will violate their privacy rights and put them at risk of retribution.

  • February 04, 2025

    Home Depot Asks 6th Circuit To Rehear No Coverage Ruling In Data Breach Dispute

    CINCINNATI — Home Depot filed a petition in the Sixth Circuit U.S. Court of Appeals seeking a panel rehearing of a majority ruling that affirmed an Ohio federal court’s finding that a commercial general liability insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach.

  • February 04, 2025

    Florida Judge Gives Final OK To $6.8 Million Settlement Of Hospital Data Breach Row

    TAMPA, Fla. — A $6.8 million settlement of class claims over a hospital’s 2023 data breach achieved final approval from a Florida judge on Feb. 3, with attorney fees, costs and service awards also getting the thumbs up.

  • February 04, 2025

    Plastic Surgeon Allegedly Failed To Protect Patient Data And Nude Photos From Hackers

    LOS ANGELES — Eight patients on Feb. 3 filed suit in California federal court accusing a plastic surgeon and his medical practice of violating California’s unfair competition law (UCL) and other laws by failing to protect their data or prevent a cyberattack by hackers who obtained data including nude photographs of patients, some of which the hackers have allegedly posted online.

  • February 04, 2025

    2 Unions, Group Sue Treasury Department Over Elon Musk’s Alleged Privacy Intrusion

    WASHINGTON, D.C. — Less than two weeks after the Jan. 20 inauguration, Elon Musk and/or other members of the newly formed “Department of Government Efficiency” (DOGE) were provided unfettered access U.S. Treasury Department records in violation of the Privacy Act of 1974 and the Internal Revenue Code, an advocacy group and two unions, each with members that are current or former federal employees, allege in a complaint filed Feb. 3 in a federal court in the District of Columbia.

  • February 04, 2025

    8th Circuit Upholds Remand Of Putative Class Suit Alleging Sharing Of Health Info

    ST. LOUIS — A trial court’s remand of a putative class suit accusing a health care company of violating Missouri law by sharing private health information with third parties was upheld by an Eighth Circuit U.S. Court of Appeals panel that opined that federal jurisdiction did not exist under the federal officer removal statute of the Class Action Fairness Act (CAFA).

  • February 04, 2025

    Federal Government Employees File Privacy Class Suit Over OPM ‘Test’ Emails

    WASHINGTON, D.C. — Two federal workers referred to only as Jane Does filed a class complaint in a federal court in the District of Columbia accusing the Office of Personnel Management (OPM) of failing to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails that the workers claim are being used to collect information on workers that is being sent to someone working for Elon Musk.

  • February 03, 2025

    User Dismisses Class Suit Claiming LinkedIn Trained AI On Users’ Private Messages

    SAN FRANCISCO — Less than two weeks after filing a putative class action in California federal court accusing LinkedIn of violating federal law and California’s unfair competition law (UCL) by accessing its premium users’ private messages to train artificial intelligence models without their consent, the plaintiff, a premium user of LinkedIn’s professional networking and social media site, filed a notice of voluntary dismissal without prejudice.

  • January 30, 2025

    Kids’ Privacy Claims Over YouTube Data Collection Trimmed Further

    SAN JOSE, Calif. — In the latest ruling in favor of Google LLC over its purported collection of personally identifiable information (PII) from minor users of YouTube, a California federal magistrate judge found that although a sixth amended complaint corrected a handful of the deficiencies identified in a previous dismissal ruling, the plaintiffs’ state law unjust enrichment claims and some of their consumer protection claims merited dismissal without leave to amend.

  • January 28, 2025

    Video Game Player, Amazon Announce Settling Of BIPA Suit; Judge Stays Deadlines

    SEATTLE — The same day that Amazon Web Services Inc. (AWS) and Amazon.com Inc. (Amazon, collectively) and a plaintiff announced the settlement of claims under Illinois’ Biometric Information Privacy Act (BIPA) related to a basketball video game, a Washington federal judge stayed proceedings in the putative class action while the settlement is finalized.

  • January 28, 2025

    Indiana High Court: Discovery Of Smartphone Data Requires ‘Some’ Evidence Of Use

    INDIANAPOLIS — Weighing the need for requested discovery from a smartphone in an auto accident lawsuit with the phone owner’s privacy rights, an Indiana Supreme Court majority established an analytical framework in which it held that the party requesting such discovery “must provide ‘some evidence’” of the smartphone’s use before a court can grant a corresponding discovery motion.

  • January 28, 2025

    Judge OKs $1.07 Million Settlement Of Pharmacy Service Data Breach Class Action

    BOSTON — A proposed $1,075,000 settlement of class action negligence and breach of fiduciary duty claims over a pharmacy service’s 2021 data breach received final approval from a Massachusetts federal judge, who found that the agreement satisfied the requirements of Federal Rule of Civil Procedure 23.

  • January 27, 2025

    Supreme Court Won’t Consider Service Awards, Attorney Fees In Meta Privacy Suit

    WASHINGTON, D.C. — An objector to the $90 million settlement of a multidistrict litigation over Meta Platforms Inc.’s purported online tracking of Facebook users saw his petition for certiorari denied Jan. 27, with the U.S. Supreme Court declining to take up his questions over the propriety of plaintiff service awards and attorney fees in the settlement.

  • January 27, 2025

    Oklahoma Supreme Court: Litigant Can’t Subpoena An Expert’s Financial Records

    OKLAHOMA CITY — Although a litigant may discover an expert witness’ compensation on a current lawsuit, the Oklahoma Supreme Court ruled that a party may not subpoena an expert to learn compensation on past cases for the purpose of uncovering potential bias, stating that there are other methods of discovering bias that do not invade a witness’s privacy.

  • January 23, 2025

    Judge Gives Final OK To $2.2M Settlement Of Data Breach Suit Against Health Care Firm

    ORLANDO, Fla. — A Florida federal judge granted final approval to a dual-fund settlement of a class complaint over a health care provider’s 2021 data breach, concluding that the $2.2 million total settlement, as well as an accompanying request for more than $424,000 in attorney fees, is reasonable.

  • January 23, 2025

    LinkedIn Used Private Messages To Train Generative AI, User Claims

    SAN FRANCISCO — A user of the professional networking and social media site LinkedIn filed a putative class action lawsuit in California federal court accusing the company that operates the site of violating federal law and California’s unfair competition law (UCL) by accessing Premium users’ private messages to train artificial intelligence models without their consent.

  • January 23, 2025

    Former Meta COO Sanctioned Over Lost E-Mails In Fiduciary Breach Suit

    WILMINGTON, Del. — A Delaware Court of Chancery vice chancellor granted in part a motion for sanctions filed by plaintiffs in a breach of fiduciary suit against Facebook Inc. (now known as Meta Platforms Inc.) CEO Mark Zuckerberg, former chief operating officer (COO) Sheryl Sandberg and specified board members and related parties over Meta’s alleged “deceptive” privacy settings resulting in sharing users information without their consent, finding that because Sandberg failed to preserve emails resulting in prejudice to the plaintiffs, the court will increase the burden of proof against her on any relevant issue.

  • January 23, 2025

    State Privacy Claim Against LinkedIn Dismissed For Lack Of Jurisdiction

    SAN JOSE, Calif. — Two weeks after dismissing a woman’s Driver’s Privacy Protection Act (DPPA) putative class claim against LinkedIn Corp. for the second time, a California federal judge dismissed her remaining state law claim over the online professional network operator’s purported data sharing for lack of jurisdiction under the Class Action Fairness Act (CAFA).

  • January 22, 2025

    On Review, ECPA Claim Over Health Care Firm’s Tracking Deemed Properly Pleaded

    RIVERSIDE, Calif. — Reversing his previous dismissal of an Electronic Communications Privacy Act (ECPA) claim against a health care provider, a California federal judge granted a patient’s reconsideration motion and found that she sufficiently alleged that the defendant acted with improper purpose by using Facebook pixels to purportedly gather and share her protected health information (PHI) with third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • January 22, 2025

    Partial Stay Granted In Software Data Breach MDL To Finalize Agreement

    MIAMI — The Florida federal judge overseeing a four-track multidistrict litigation over a 2023 data breach attributed to vulnerabilities in a file-transfer software application granted a motion by some of the parties to stay any deadlines related to two insurance company defendants to allow the corresponding parties to hammer out details of a written settlement agreement.

  • January 21, 2025

    9th Circuit Dismisses Inmate’s Appeal Of $725M Facebook Profile-Sharing Suit

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals issued a mandate, stating that a judgment in which it dismissed as untimely an inmate’s appeal of the $725 million settlement of the consolidated class action over Facebook Inc. (now known as Meta Platforms Inc.) sharing users’ profile data with Cambridge Analytica, was now in effect.

  • January 21, 2025

    New DOJ Final Rule Prohibits Certain Data Transactions With ‘Countries Of Concern’

    WASHINGTON, D.C. — Complying with an executive order issued by President Joe Biden in February 2024, the U.S. Department of Justice issued a final rule to address national security risks the United States faces from “the continued efforts of countries of concern to access, exploit, and weaponize Americans’ bulk sensitive personal and U.S. government-related data.” 

  • January 21, 2025

    MOVEit Data Breach MDL Plaintiffs Oppose Review Of Dismissal Denial

    BOSTON — A December ruling that denied dismissal of three lawsuits against one of the defendants in a multidistrict litigation over a 2023 data security incident related to MOVEit software does not merit reconsideration, the consolidated plaintiffs argue in an opposition brief, telling a Massachusetts federal court that a health tech firm did not offer any new arguments or evidence to support its quest for dismissal under the home-state exception of the Class Action Fairness Act (CAFA).

  • January 21, 2025

    Judge Dismisses Class Action Alleging Insurer Violated Insureds’ Right To Privacy

    CHICAGO — A federal judge in Illinois granted an insurer and an association of insurance companies’ motions to dismiss a putative class action alleging that they retained and disclosed the insureds’ protected health information in violation of their right to privacy pursuant to Illinois state law, finding the negligence and invasion of privacy claims barred by the immunity provision in the Illinois Insurance Code.

  • January 17, 2025

    FTC Announces New COPPA Rule Requiring Parental Consent For Targeted Ads

    WASHINGTON, D.C. — In a new final rule announced Jan. 16, the Federal Trade Commission disclosed new amendments to a rule it uses to enforce the Children's Online Privacy Protection Act (COPPA), including a requirement to obtain parents’ consent for the use of their children’s personal information for targeted advertising.