Newsletter RSS

Mealey's Data Privacy

  • December 20, 2024

    After Partial Dismissal, Garda Data Breach Suit Settled, Stayed, Closed

    WEST PALM BEACH, Fla. — On the heels of a ruling in which she partly granted a security firm’s motion to dismiss privacy and negligence claims over a data breach that exposed employees’ personally identifiable information (PII), a Florida federal judge granted the plaintiffs’ motion to stay the suit in light of a postruling announcement that the parties reached a conditional settlement of the putative class action.

  • December 19, 2024

    $1.25 Million Settlement Approved In Onix Group Data Breach Class Action

    PHILADELPHIA — A Pennsylvania federal judge presiding over a consolidated class action for negligence and consumer protection violations related to a 2023 data breach experienced by a Pennsylvania firm granted final approval to a $1.25 million settlement of the suit, overruling two objections and mostly granting requested attorney fees and service awards.

  • December 18, 2024

    2 Objectors To Oracle Data Collection Suit Settlement Appeal To 9th Circuit

    SAN FRANCISCO — One month after a California federal judge granted final approval to a $115 million settlement of a privacy and wiretap class action against Oracle America Inc., two class members who had lodged objections to the settlement filed notices that they were appealing the trial court’s approval ruling to the Ninth Circuit U.S. Court of Appeals.

  • December 18, 2024

    9th Circuit Denies Saudi Dissident Rehearing Over Hacked Twitter Account

    SAN FRANCISCO — A divided Ninth Circuit U.S. Court of Appeals panel’s decision to uphold the dismissal of negligence claims against Twitter Inc. will stand, per the panel’s denial of a petition for rehearing en banc by a political dissident from the Kingdom of Saudi Arabia (KSA) who blamed the social network company for allowing KSA moles to access his account for the purpose of obtaining personal information to be used against him.

  • December 17, 2024

    Dismissal Motions Mostly Denied In MOVEit Data Breach MDL

    BOSTON — In a pair of rulings, a Massachusetts federal judge declined to dismiss six of the consolidated lawsuits filed over the theft of medical data that occurred due to vulnerabilities in a file-transfer software program, finding that the home-state exception to the Class Action Fairness Act (CAFA) did not apply and concluding that plaintiffs in all but four of the hundreds of cases in the multidistrict litigation had sufficiently established standing under Article III of the U.S. Constitution.

  • December 16, 2024

    Patients, Employees Settle Data Breach Suit Against Dental Chain For $2.7 Million

    DETROIT — A Michigan federal judge granted final approval to a $2.7 million agreement that settles negligence and implied contract claims brought by the employees and patients of a multistate dental chain related to a February 2023 data breach that exposed the personally identifiable information (PII) of almost 2 million people.

  • December 13, 2024

    Privacy Claims Over Web Marketer’s Online Tracking Dismissed By Federal Judge

    PHILADELPHIA — Privacy and wiretap putative class claims alleged against an online marketer and two of its clients were dismissed by a Pennsylvania federal judge, who found that the two plaintiffs did not plead the necessary damages because the purported tracking of their web browsing did not constitute interception of communications.

  • December 11, 2024

    FTC Announces Refunds Under Epic Games $245M Settlement For Fortnite Purchases

    WASHINGTON, D.C. — The Federal Trade Commission (FTC) announced that it is sending the first round of refunds that will total more than $72 million as part of Epic Games Inc.’s agreement to pay $245 million to resolve allegations that users were tricked into purchasing items while playing the popular online game Fortnite and that children playing the game were allowed to purchase items without parental consent.

  • December 11, 2024

    Health Data Clearinghouse Fined $250,000 By HHS For Exposure Of Patients’ Info

    WASHINGTON, D.C. — The U.S. Department of Health and Human Services (HHS) on Dec. 10 announced that it had resolved “longstanding” failures by a health data clearinghouse to comply with the security rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • December 11, 2024

    Employee Seeks Reconsideration Of Ruling On Retroactivity Of BIPA Limits Act

    CHICAGO — A worker moved for reconsideration of a federal judge’s ruling that an August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that places limits on an individual’s recovery for certain data release violations applies retroactively, citing a Nov. 22 ruling he says reached the opposite conclusion.

  • December 11, 2024

    Credit Unions Ask Court To Deny Wawa Discovery, Approve Data Breach Suit Agreement

    PHILADELPHIA — A group of financial institutions (FIs) suing Wawa Inc. over its 2019 data breach filed a motion asking a Pennsylvania federal court to deny the defendant’s motion to compel certain communications related to the claims filing process for class members and to grant final approval to a three-tiered settlement agreement that received preliminary approval more than a year ago.

  • December 10, 2024

    Saudi Dissident Seeks En Banc 9th Circuit Rehearing Of Twitter Negligence Suit

    SAN FRANCISCO — Arguing that a trial court improperly dismissed his negligence claims against Twitter Inc. at the pleadings stage based on the statute of limitations and constructive notice, a Saudi dissident who blames Twitter for the hacking of his account asks the Ninth Circuit U.S. Court of Appeals to rehear his appeal en banc in light of a panel decision that split on the timeliness of his complaint.

  • December 10, 2024

    Insured, 2nd CGL Insurer Seek Dismissal Of Coverage Suit Over BIPA Violation Claim

    CHICAGO — An insured and the remaining commercial general liability insurer in its lawsuit seeking a declaration as to coverage for an underlying putative class lawsuit alleging that it violated the Illinois Biometric Privacy Act (BIPA) filed a stipulation asking an Illinois federal court to dismiss with prejudice all claims between them.

  • December 03, 2024

    COMMENTARY: The Future Of Work: Exploring The Employment And Data Protection Law Implications Of The Use Of Artificial Intelligence (AI) In European Workplaces

    By Matthew Howse, Louise Skinner, Vishnu Shankar and William Mallin

  • December 06, 2024

    Google, Advertising Developer Denied Early Appeal Of Minors’ Data Collection Claims

    SAN FRANCISCO — A California federal judge denied Google LLC and its advertising subsidiaries’ motion to certify for interlocutory appeal the court’s earlier order denying their motion to dismiss a nationwide putative class action brought by minors under 13 who say their personal data was unlawfully collected, finding that the issues involved don’t warrant an early appeal.

  • December 05, 2024

    Lobstermen’s Constitutional Challenge To Maine Electronic Tracking Rule Dismissed

    BANGOR, Maine — Although a Maine federal judge sympathized with some of the privacy concerns raised by a group of lobstermen who sought to have a new electronic tracking rule declared unconstitutional, he found that their claims were precluded under sovereign immunity and that the rule meets with requirements for conducting warrantless searches in a closely regulated industry.

  • December 05, 2024

    Judge Urges Immediate Appeal Of Ruling On Law Protecting Info Of Judges, Police

    CAMDEN, N.J. — On the heels of denying a consolidated motion to dismiss claims against dozens of data brokers and related companies under a New Jersey law that enhances privacy protection for personal data of law enforcement and court personnel, a New Jersey federal judge issued an order recommending an immediate appeal of his ruling because it “involves a controlling question of law as to which there is a substantial ground for difference of opinion.”

  • December 05, 2024

    $30M 23andMe Data Breach Settlement Gets Court’s Conditional Preliminary OK

    SAN FRANCISCO — The California federal judge overseeing a multidistrict litigation involving claims against genetic testing company 23andMe Inc. for failing to protecting users’ data from hackers granted preliminary approval on Dec. 4 to a $30 million settlement of the claims on the condition that the plaintiffs amend their definition of the settlement class to exclude parties who are pursuing arbitration and despite “serious concerns” with the plaintiffs’ $7.5 million attorney fees request.

  • December 05, 2024

    Target Denied Dismissal, Sanctions In Facial Scanning Privacy Class Complaint

    CHICAGO — Four customers of Target Corp. have sufficiently alleged violation of Illinois’ Biometric Information Privacy Act (BIPA) via the use of in-store facial recognition technology, an Illinois federal judge found, denying the retail giant’s motions to dismiss and for sanctions in light of the early stage of litigation and the undeveloped record.

  • December 04, 2024

    FTC Announces Actions Over Data Brokers’ Sale Of Precise Location Data

    WASHINGTON, D.C. — The Federal Trade Commission on Dec. 3 announced agency actions it has taken against data brokers that bought and sold individuals’ precise location data in violation of the Federal Trade Commission Act, simultaneously filing complaints and decisions in both actions.

  • December 04, 2024

    Policy Exclusion Bars Coverage For BIPA Suit, Illinois Panel Rules In Reversal

    CHICAGO — An Illinois appeals panel held that insurers have no duty to defend their insured against an underlying class action lawsuit alleging that the insured violated the Illinois Biometric Information Privacy Act (BIPA) because the policies’ “Recording and Distribution” exclusion barred coverage, reversing a lower court’s judgment in favor of the insured and remanding.

  • December 03, 2024

    Judge Rules On Cross-Motions For Summary Judgment In BIPA Violation Coverage Suit

    CHICAGO — A federal judge in Illinois granted in part and denied in part cross-motions for summary judgment filed by an excess insurer and a franchisee of the Burger King chain in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).

  • December 03, 2024

    Judge Chides Data Breach Attorneys For ‘Sub-Par’ Work, Reduces Fees Award

    NEW HAVEN, Conn. — Despite granting final approval to a $1.5 million settlement of a lawsuit over a health care services provider’s 2022 data breach, as well as the plaintiffs’ requests for service awards and cost reimbursements, a Connecticut federal judge reduced the requested attorney fees award for using “very, very high” rates in light of “significant errors” by plaintiffs’ counsel.

  • December 02, 2024

    Insurers To Pay $11.3 Million To New York State Over Data Breaches

    ALBANY, N.Y. — New York Attorney General Letitia James and the New York State Department of Financial Services (DFS) have reached agreements with two national auto insurance companies under which they will pay a total of $11.3 million in penalties for “having poor data security,” which the attorney general said led to data breaches that exposed the personally identifiable information (PII) of their policyholders.

  • November 25, 2024

    Supreme Court Declines To Consider Res Judicata In Data Breach Arbitration Suit

    WASHINGTON, D.C. — A Texas company’s petition for certiorari on issues of the preclusive effect of a judgment on an arbitration, both related to a 2019 data breach, was denied without comment by the U.S. Supreme Court in its Nov. 25 order list.