Mealey's Data Privacy
-
November 05, 2025
Health Care Data Breach Settlement Giving Up To $5,000 Per Claimant Wins Approval
NASHVILLE, Tenn. — A federal judge in Tennessee has determined that a settlement of class claims over a health care provider’s 2023 data security incident is “fair, reasonable, and adequate,” making official the judge’s prior ruling that granted preliminary approval to an agreement that provides payments of up to $5,000 for each claimant in the settlement class. The judge also approved attorney fees and expenses totaling $3.1 million.
-
November 04, 2025
Judge Dismisses Coverage Suit Over Claims Dental Office Violated Privacy Rights
CHICAGO — Four days after a commercial general liability insurer filed a notice of voluntary dismissal, a federal judge in Illinois on Nov. 3 dismissed without prejudice the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify for an underlying putative class action alleging that its dental office insured violated privacy rights through its use of internet tracking that collected private information without notice and without consent.
-
November 04, 2025
California, Sling TV Settle Action Alleging Violations Of Data Privacy Laws
LOS ANGELES — California Attorney General Rob Bonta announced a settlement between the state of California and streaming service Sling TV LLC in an action alleging that the streaming service violated the California Consumer Privacy Act (CCPA) by not providing easy-to-use opt-out methods for consumers who choose to stop the sale of their personal information and not providing sufficient privacy protections for children.
-
November 03, 2025
DOJ Subpoena Seeking Gender- Affirming Care Patient Data Quashed By Federal Judge
SEATTLE — A Washington federal judge granted a gender-affirming care provider’s motion to quash a U.S. Department of Justice subpoena that sought patient medical and communications data, holding that the subpoena was politically motivated, overbroad and an abuse of investigative authority; in the same order, the judge denied the provider’s motion to seal proceedings but granted its motion to strike a DOJ praecipe that improperly introduced new evidence in violation of local rules.
-
November 03, 2025
Parties In Workers’ Duty-Free Shops Data Breach Case Stipulate To Dismissal
CENTRAL ISLIP, N.Y. — A federal judge in New York on Oct. 31 dismissed a putative class action by two former employees against the operators of airport duty-free shops after the parties stipulated to dismissal of the individual and class claims without prejudice; the stipulation of dismissal was filed two months after the case was stayed pending mediation.
-
October 31, 2025
Trio Of Dismissal Rulings Issued In Data Breach Snowflake MDL
BUTTE, Mont. — Less than a week after granting final approval of two class settlements totaling $13.5 million, a federal judge in Montana issued a trio of orders addressing motions to dismiss filed in a multidistrict litigation over data breaches experienced by Snowflake Inc., a data storage firm, that impacted a number of its clients.
-
October 31, 2025
N.J. High Court Will Consider Whether Data Shield Law Liability Needs Mens Rea
TRENTON, N.J. — The New Jersey Supreme Court accepted two certified questions from the Third Circuit U.S. Court of Appeals, agreeing to consider whether a finding of liability under a New Jersey law that provides for deletion of public officials’ private information from data brokers’ records requires a determination of a defendant’s mental state.
-
October 29, 2025
Sports Streaming Company Tells High Court Circuit Split Over VPPA Is ‘Illusory’
WASHINGTON, D.C. — A sports streaming company filed a brief urging the U.S. Supreme Court to deny a Texas woman’s petition for certiorari in which she asks the court to determine what constitutes “personally identifiable information” (PII) under the Video Privacy Protection Act (VPPA), writing that the issue is of “dwindling importance” and that the petitioner’s claimed circuit split over the issue is “illusory” and “merely semantic.”
-
October 29, 2025
Medical Center Did Not Violate Privacy Act, California Federal Judge Says
SAN FRANCISCO — A California federal judge entered judgment in favor of a medical center following the issuance of two summary judgment orders in which the judge determined that a claim alleging violation of the California Invasion of Privacy Act (CIPA) based on the center’s use of Meta Platforms Inc.’s code to track website activity and later target ads to Facebook users cannot proceed because the medical center did not violate the statute, which the judge described in one of the orders as “badly drafted.”
-
October 29, 2025
Merits Briefing In Subpoena Case Concludes; High Court Sets Argument
WASHINGTON, D.C. — The U.S. Supreme Court has scheduled oral argument for Dec. 2 in a dispute concerning a non-self-executing subpoena for information including the identity of pregnancy center donors, and merits briefing concluded with the filing of three amicus curiae briefs by entities that — like the respondent, New Jersey’s attorney general — urge the high court to affirm the challenged ruling against the center operator.
-
October 28, 2025
2 Settlements Totaling $13.5M Approved In Snowflake MDL
BUTTE, Mont. — A federal judge in Montana issued two orders granting final approval of $3.5 million and $10 million settlements with The Neiman Marcus Group LLC and Advance Auto Parts Inc. and Advance Stores Co. Inc. (together, Advance), respectively, in a multidistrict litigation over data breaches experienced by a data storage firm.
-
October 28, 2025
Speedway’s $12.1M Settlement Approved In Worker’s Finger-Scan Class Case
CHICAGO — A federal judge in Illinois granted final approval of a more than $12.1 million class settlement by Speedway LLC, ending a worker’s complaint accusing the company of unlawfully collecting, using, storing and disclosing workers’ biometric data.
-
October 27, 2025
Judge Joins Cases Against Otter.ai Related To Notetaker App Privacy Concerns
SAN FRANCISCO — A judge in California federal court has consolidated litigation brought by individuals who argue that Otter.ai Inc. does not obtain prior consent of all participants in a virtual meeting before its Notetaker transcription app is engaged to record a conversation, ruling that claims brought by multiple plaintiffs involve substantially similar allegations and claims.
-
October 27, 2025
Use Of Pseudonyms OK’d In Proposed Class Action Over Medical Data Privacy
CHICAGO — An Illinois federal judge granted the plaintiffs permission to proceed under pseudonyms in a proposed class action against a health information technology provider, finding that revealing their identities in their suit alleging unlawful disclosure of patient health information to Google would exacerbate the privacy risks at issue.
-
October 23, 2025
Consumer Files VPPA Petition As High Court Justices Mull Earlier VPPA Petitions
WASHINGTON, D.C. — A California man filed a petition for a writ of certiorari in the U.S. Supreme Court asking the justices to decide the definition of “goods or services from a video tape service provider” in the Video Privacy Protection Act (VPPA) in a class case he filed against Paramount Global, doing business as 247Sports, over the release of his video viewing history to Facebook; the petition was filed as the justices continue to consider two other VPPA-related petitions, one of which was filed by the National Basketball Association (NBA) in a case brought by the same individual over a similar release of information to Facebook.
-
October 22, 2025
Judge Grants Injunction, Remittitur In Meta Fraud Suit Against Spyware Firm
OAKLAND, Calif. — A California federal judge granted a permanent injunction to WhatsApp Inc. (now known as WhatsApp LLC) and its parent company Facebook Inc. (now known as Meta Platforms Inc.) to prevent alleged continued violation of California computer fraud laws after a jury found that the defendant, an Israel-based manufacturer of spyware, violated one of those laws.
-
October 22, 2025
Bank Of Canton’s $300,000 Settlement Approved In MOVEit Data Breach MDL
BOSTON — A federal judge in Massachusetts on Oct. 21 granted final approval to a $300,000 class settlement to be paid by The Bank of Canton, ending claims against it related to a security incident due in part to a vulnerability in the MOVEit Transfer application; the settlement is one of several reached in the multidistrict litigation over a 2023 ransomware attack that affected users of the MOVEit file-transfer app.
-
October 22, 2025
Judge Approves $600,000 Pharmacy Data Breach Class Settlement
TACOMA, Wash. — A federal judge in Washington granted final approval to a $600,000 settlement in a data breach case involving a pharmacy and found the $198,000 request for attorney fees reasonable.
-
October 22, 2025
United States, FCC Defend $57M Fine Against AT&T In High Court Petition
WASHINGTON, D.C. — The Federal Communications Commission and United States urge the U.S. Supreme Court in a petition for a writ of certiorari to find that the FCC acted properly under federal law and the U.S. Constitution when it imposed a more than $57 million fine on a telecommunications company for improper handling of customers’ location data, writing that the case is distinguishable from SEC v. Jarkesy because the company had the option to challenge the fine in a jury trial.
-
October 21, 2025
6th Circuit Holds In Abeyance Motions To File Briefs In FCC Data Rule Challenge
CINCINNATI — A Sixth Circuit U.S. Court of Appeals panel held in abeyance motions to file amicus curiae briefs in support of a petition for rehearing of the court’s prior ruling denying internet provider trade associations’ consolidated petitions for review of a Federal Communications Commission rule requiring reporting by telecommunications carriers of data breaches involving personally identifiable information (PII).
-
October 21, 2025
$1.9M Settlement Approved In Class Action Over Medical Patient Data Breach
CLARKSVILLE, Ark. — An Arkansas judge granted final approval of a $1.9 million class settlement resolving claims that a health system failed to adequately protect patient information compromised in a March 2024 cybersecurity breach and awarded $665,000 in attorney fees and $22,055.26 in expenses to class counsel and $2,500 service awards for each of the 11 named plaintiffs.
-
October 17, 2025
No Coverage Owed For BIPA Class Action Against Insured, Illinois Panel Affirms
CHICAGO — An Illinois appeals panel concluded that an insurer has no duty to defend or indemnify its information technology services and consulting firm insured against an underlying putative class lawsuit brought under the Illinois Biometric Information Privacy Act (BIPA), affirming the lower court’s finding that the insured’s “wrongful acts” and “enterprise security events” were not covered because they occurred prior to the policy's retroactive date.
-
October 17, 2025
3 Data Breach Class Actions Consolidated By Texas Federal Judge
SHERMAN, Texas — A Texas federal judge has consolidated three putative class actions filed by employees or former employees of a janitorial service who claim that their personally identifiable information (PII) was stolen in a January data breach, finding that all three actions arise from a common set of alleged operative facts and that the plaintiffs assert overlapping claims and seek similar relief.
-
October 17, 2025
2 Named Plaintiffs Have Standing To Pursue Claims Stemming From Data Breach
RICHMOND, Va. — Two of four named plaintiffs in a consolidated class action stemming from a data breach incident have standing to pursue their claims against the insurance companies whose network was hacked because their allegation that their driver's license numbers were posted on the dark web after the breach constitutes a concrete injury, the Fourth Circuit U.S. Court of Appeals said in partially reversing a district court’s opinion dismissing the case.
-
October 16, 2025
Motion To Compel Discovery Partly Granted In Software Data Sharing Class Dispute
MINNEAPOLIS — A Minnesota federal magistrate judge on Oct. 15 granted in part a motion to compel discovery for production of documents and responses to interrogatories by a health care provider in a putative class suit filed by former and current patients alleging that the provider collected and shared patient medical data with third parties through use of pixel software developed by Meta Platform Inc., finding that the request for production related to social media use is “relevant to” the claims of the patients and the provider’s defenses.