Newsletter RSS

Mealey's Data Privacy

  • March 20, 2026

    $7.75 Million Class Action Settlement Approved In Data Breach Dispute

    GREENVILLE, S.C. — A South Carolina federal judge granted final approval to a $7.75 million class action settlement resolving claims that a financial services company and its affiliated lending subsidiaries failed to safeguard consumers’ names and Social Security numbers in a February 2023 data breach.

  • March 19, 2026

    $5M Class Deal In Geisinger Data Breach Case Wins Final Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted final approval of a $5 million settlement agreement between a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach, while separately approving $2,000 service awards for each of the named plaintiffs.

  • March 19, 2026

    $5M Class Deal In Geisinger Data Breach Case Wins Final Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted final approval of a $5 million settlement agreement between a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach, while separately approving $2,000 service awards for each of the named plaintiffs.

  • March 19, 2026

    Judge Denies Dismissal For Lack Of Standing In Stolen PII Data Breach Class Suit

    HOUSTON — A Texas federal judge adopted a magistrate judge’s memorandum and recommendation advising denying dismissal for lack of standing of a motion filed by a utility company and third-party benefits administrator in a putative class action against them and an employee benefit plan services company for failure to secure personally identifiable information (PII) in a data breach, finding that some of the plaintiffs sufficiently alleged injury from identity thefts to establish standing.

  • March 19, 2026

    Tenn. Federal Judge OKs Final Approval Of Settlement In Data Breach Class Action

    KNOXVILLE, Tenn. — A Tennessee federal judge granted final approval of an $807,500 class action settlement resolving consolidated claims that a restaurant franchisee failed to safeguard employees’ personally identifiable information (PII), resulting in a January 2023 data breach that exposed the data of more than 100,000 current and former workers.

  • March 17, 2026

    122K Cy Pres Award Approved In $27.5M Thomson Reuters Data-Selling Settlement

    SAN FRANCISCO — A California federal judge approved the cy pres distribution of $122,101.51 in remaining funds to a nonprofit consumer advocacy organization from a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifiable information (PII) of Californians, holding that the nonprofit has the requisite nexus to the privacy claims asserted on behalf of the class.

  • March 17, 2026

    Amici Supporting Neither Party Weigh In On High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — As merits briefing continues in a case where the petitioner was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was an unconstitutional violation of the Fourth Amendment to the U.S. Constitution, the latest batch of amicus curiae briefs comes from entities that say they support neither party, including Microsoft Corp. and software and computer industry associations.

  • March 16, 2026

    Video Game Distributor To Pay $2.7M In Class Settlement For Privacy Violations

    NEW YORK — A video game distributor will pay $2.72 million to settle a class action complaint alleging that it sent personally identifiable information to Facebook and other third parties without its users’ knowledge or consent in violation of the Video Privacy Protection Act (VPPA) after a New York federal magistrate judge gave final approval to the settlement agreement.

  • March 13, 2026

    Final Approval Granted For Injunctive Settlement In PII Free Trial Case

    LOS ANGELES — A California federal judge granted final approval of a class action settlement resolving allegations that a corporation violated the Illinois Right of Publicity Act (IRPA) by displaying individuals’ personally identifiable information (PII) in seven-day free trials of its data aggregation products, which the plaintiffs contended were used to market paid subscriptions; the settlement provides injunctive relief barring the use of Illinois class members’ PII in free trials, includes $2,500 service awards for two class representatives and $492,500 in attorney fees and costs.

  • March 13, 2026

    Summary Judgment For Miami Hospital, EMT Affirmed In Patient Privacy Dispute

    MIAMI — A Florida appellate panel affirmed summary judgment for a Miami hospital and an emergency medical technician, holding that the father of a deceased hospital patient could not pursue claims for intentional infliction of emotional distress, invasion of privacy or vicarious liability arising from the unauthorized social media posting of his son’s leg injury because the conduct was not legally outrageous, the father was neither present nor the direct target of the photo and the image did not identify the patient or invade a privacy interest.

  • March 13, 2026

    Parties File Briefs In High Court Supporting Verizon Challenge To FCC Forfeitures

    WASHINGTON, D.C. — More than a dozen parties filed amicus curiae briefs in the U.S. Supreme Court supporting Verizon Communications Inc. and AT&T Inc. in consolidated cases where Verizon and AT&T asserted constitutional challenges to the Federal Communications Commission’s enforcement of monetary forfeitures under the Communications Act.

  • March 13, 2026

    Amazon Pledges To Seek High Court Review Of Class Certification In BIPA Suit

    CHICAGO — Amazon on March 12 told the Seventh Circuit U.S. Court of Appeals that it plans to file a petition for a writ of certiorari with the U.S. Supreme Court following the circuit court’s refusal to reconsider its ruling that a lower court did not err in certifying a class of users of its “virtual try-on” (VTO) feature and asked the Seventh Circuit to hold off on issuing its mandate.

  • March 11, 2026

    Judge Grants Final Approval Of Hospital Data Breach Class Action Settlement

    NEW HAVEN, Conn. — A Connecticut federal judge issued an order granting final approval of a class action settlement comprising an $18 million cash settlement fund from which awards will be paid to settlement class counsel for $6 million in attorney fees and $40,223.84 for litigation costs in a suit over a cyberattack and data breach at a Connecticut health system, finding the settlement “reasonable” and the relief “adequate.”

  • March 11, 2026

    Judge Declines To Certify Class Of AirTag ‘Stalking’ Victims Suing Apple

    SAN FRANCISCO — A California federal judge denied a motion that was filed by plaintiffs who claim that Apple Inc.’s “AirTag” tracking devices were used to stalk them in violation of California’s unfair competition law (UCL) and other laws, in which they sought to certify three nationwide classes of people allegedly “tracked without consent by Apple’s AirTag,” and directed the parties to prepare to discuss whether the cases should be severed.

  • March 11, 2026

    En Banc Rehearing Bid Rejected In Dispute Over Medical Data Given To Facebook

    PHILADELPHIA — A Third Circuit U.S. Court of Appeals panel denied the motion of two plaintiff-appellants to file a rehearing en banc petition out of time, leaving intact a panel decision that held that Meta Inc.’s receipt of users’ website communications through Quest Diagnostics Inc.’s Facebook tracking pixel did not constitute third-party eavesdropping under California’s Invasion of Privacy Act (CIPA).

  • March 10, 2026

    Missouri Panel: Sovereign Immunity Inapplicable In Hospital Tracking Device Suit

    KANSAS CITY, Mo.  — A Missouri appellate court reversed and remanded a lower court’s dismissal of claims against a hospital board of trustees in a putative class action alleging that the board and the hospital installed tracking devices on the hospital website and patient portal and violated patients’ privacy, finding that the lower court erred in determining that the claims against the board were barred by sovereign immunity.

  • March 09, 2026

    Ill. Federal Judge Certifies Question On ECPA’s Crime-Tort Exception To 7th Circuit

    CHICAGO — An Illinois federal judge refused to reconsider his ruling that denied a health care provider’s motion to dismiss a putative class action complaint alleging that it improperly shared confidential medical information with Facebook but allowed “an early trip to the Seventh Circuit” U.S. Court of Appeals by certifying a question for an interlocutory appeal.

  • March 09, 2026

    Dismissal Reversed, Remanded On Jurisdiction Grounds In Crypto Data Breach Case

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel reversed and remanded the dismissal of a putative data breach class action against an overseas cryptocurrency trading platform, holding that specific personal jurisdiction in California was proper because the company purposefully directed its commercial and data collection activities at the state and the class action claims arose from those contacts; one judge dissented in the dispute, which centers on alleged security failures that exposed the application programming interface (API) credentials of the trading platform’s users and resulted in millions of dollars in losses.

  • March 06, 2026

    Class Action DOGE Data Privacy Suit Survives Dismissal Motion

    WASHINGTON, D.C. — A District of Columbia federal judge denied a motion filed by a federal agency and the U.S. Department of Treasury to dismiss an amended putative class complaint alleging unlawful disclosure of federal employees’ personal data to the Department of Governmental Efficiency (DOGE), holding that the employees sufficiently alleged damages under the U.S. Privacy Act of 1974 by asserting that they purchased identity theft protection services following public concerns about DOGE’s access to government records.

  • March 06, 2026

    Judge Approves $2.2M Settlement In Data Breach Suit Against Radiology Practice

    MINNEAPOLIS — Finding it “reasonable,” a Minnesota judge approved a settlement with a cap of $2.2 million in a data breach class action suit against a radiology practice involving more than 580,000 class members related to a February 2024 data breach where plaintiffs’ private information “had been potentially accessed by computer hackers.”

  • March 06, 2026

    Judge Appoints Referee To Review Attorney Fees In $3.2M Data Breach Settlement

    GREENVILLE, N.C. — A North Carolina judge deferred ruling on a motion by plaintiffs in a data breach class action for $1.5 million in attorney fees, comprising approximately 47% of a $3.2 million settlement fund for patients affected by a medical company data breach, and appointed a referee to review the fees sought by plaintiffs after their attorneys provided “inadequate” billing records.

  • March 04, 2026

    USDA SNAP Data Request Blocked In Part Over Statutory Limitations

    SAN FRANCISCO — A California federal judge partially granted a coalition of states’ motion to enforce or expand a previously issued preliminary injunction in their challenge to the U.S. Department of Agriculture’s demand for the personal data of their residents who receive Supplemental Nutrition Assistance Program (SNAP) benefits, ruling that although the agency’s renewed data request was not covered by the earlier order, the states are likely to succeed on their claim that the request violates disclosure safeguards and preliminarily barring the agency from withholding funding based on noncompliance.

  • March 03, 2026

    Amici To High Court In Merits Briefs: Rule Geofence Warrant Unconstitutional

    WASHINGTON, D.C. — In 17 amicus curiae merits briefs filed in the U.S. Supreme Court on March 2, amici including X Corp., NetChoice, the Cato Institute and the American Civil Liberties Union support the petitioner, who was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was an unconstitutional violation of the Fourth Amendment to the U.S. Constitution; additionally, amicus Google LLC supports neither side but opines that “law enforcement was required to obtain a warrant to access that data.”

  • March 03, 2026

    Judge Dismisses Complaint Alleging Abbott Shared Medical Data With Google, Meta

    CHICAGO — An Illinois federal judge on March 2 dismissed with prejudice a complaint filed by three individuals who alleged that the manufacturer of continuous glucose monitoring devices for diabetes management shared sensitive information about them to third parties through tracking tools on its website.

  • March 03, 2026

    Judge: Ransomware Sublimit Does Not Limit Insurer’s Liability For Malware Attack

    DALLAS — Noting that the court has not located any case law interpreting a ransomware sublimit endorsement or any similar policy provision, a federal judge in Texas held that a cyber liability insurance policy’s $250,000 Ransomware Sub-Limit Endorsement is not applicable on its face to the policy’s cyber extortion insurance and, as a result, the insurer’s liability is not limited as to the insured’s claim for $1.2 million in losses arising from a malware attack.