Newsletter RSS

Mealey's Data Privacy

  • December 03, 2025

    Judge Grants Arbitration, Stays Wiretap Class Action Against Toyota, Progressive

    SHERMAN, Texas — A federal judge in Texas on Dec. 2 granted Toyota Motor North America Inc.’s motion to compel arbitration and stay a class action alleging that Toyota, Progressive Casualty Insurance Co. and a provider of data analytics services in the automotive industry violated the Federal Wiretap Act and are responsible for injuries they inflicted on tens of thousands of class members because of their unauthorized collection and dissemination of private information from Toyota vehicles.

  • December 02, 2025

    Standing Is Focus Of High Court Argument In Suit Over Pregnancy Center Subpoena

    WASHINGTON, D.C. — The U.S. Supreme Court heard oral arguments on Dec. 2 in a dispute concerning the New Jersey attorney general’s subpoena for information including the identity of pregnancy center donors, with the petitioner contending that the center operator had standing to sue in federal court as soon as the subpoena was issued and the respondent countering that standing requirements are still unsatisfied.

  • December 02, 2025

    Minnesota High Court Told Hospital’s Disclosing Room Number Violated Records Act

    ST. PAUL, Minn. — In a respondent brief, a man asks the Minnesota Supreme Court to affirm an appeals court’s finding that a health system’s disclosure of his hospital room number and location violated the Minnesota Health Records Act (MHRA) because this information was connected with his receipt of health care from the hospital.

  • December 01, 2025

    Illinois Panel: No Extra Expense Coverage Owed For Loss Arising From Cyberattack

    CHICAGO — An Illinois appeals court panel held that a management company for multiple nursing care facilities is not entitled to recover the expenses it incurred following a cyberattack on one of its payroll vendors, affirming a lower court’s ruling in favor of an insurer in the management company’s declaratory judgment lawsuit.

  • November 26, 2025

    Judge Halts DOJ From Obtaining Minors’ Gender Dysphoria Treatment Info

    PHILADELPHIA — The U.S. Department of Justice will not be permitted to obtain the personal information of minors seeking treatment for gender-affirming care from a Philadelphia hospital, a Pennsylvania federal judge ruled, granting the hospital’s motion to limit a subpoena in which the DOJ sought information about certain drugs and treatments.

  • November 26, 2025

    Dismissal Of Lobsterman’s Constitutional Challenge To Maine Tracking Rule Upheld

    BOSTON — The First Circuit U.S. Court of Appeals affirmed a lower court’s dismissal of a Maine lobsterman’s Fourth Amendment challenge to a lobster vessel tracking rule, holding that commercial lobstering is a closely regulated industry and that the rule satisfies all three elements of the administrative search standard, finding that it advances a governmental interest in fishery conservation, relies on warrantless monitoring and provides a constitutionally adequate substitute for a warrant through notice and narrowly tailored data collection.

  • November 25, 2025

    DOJ Opposes Armed Robber’s Certiorari Petition Over Google Geofence Warrant

    WASHINGTON, D.C. — The U.S. Department of Justice filed a brief on behalf of the U.S. government on Nov. 24, opposing a petition for a writ of certiorari filed by a convicted bank robber, asserting that any mistakes that were potentially made in serving a geofence location-tracking warrant on Google LLC were outweighed by the good faith exception to the exclusionary rule of the Fourth Amendment to the U.S. Constitution under which the petitioner sought to exclude this evidence.

  • November 25, 2025

    Judge Stops IRS From Sharing Taxpayer Data With ICE For Immigration Enforcement

    WASHINGTON, D.C. — A nonprofit, a business association and two labor unions succeeded in preventing the Internal Revenue Service from sharing the addresses of immigrant taxpayers with Immigration and Customs Enforcement, when a District of Columbia federal judge granted their motion to stay the IRS’s new data-sharing policy, which the judge found to be unlawful under the Administrative Procedure Act (APA) and the Internal Revenue Code (IRC).

  • November 24, 2025

    Federal Judge Dismisses Cybercrime Coverage Suit After Parties Reach Settlement

    SEATTLE — Following a settlement that was announced in October, a federal judge in Washington dismissed with prejudice a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures.

  • November 24, 2025

    Hanover Foods To Pay $1.15M To Settle Federal CWA Suit After U.S. Intervenes

    HARRISBURG, Pa. — The owner and operator of a Pennsylvania food processing facility sued by an environmental nonprofit in federal court for allegedly violating the Clean Water Act (CWA) and its National Pollutant Discharge Elimination System (NPDES) permit by unlawfully discharging polluted industrial wastewater into a tributary of the Susquehanna River agreed to pay $1.15 million in civil penalties and implement remediation efforts to settle the claims following intervention by the United States.

  • November 21, 2025

    Wis. Appeals Court: Identity Theft Threat Doesn’t Create Data Breach Suit Standing

    WAUSAU, Wis. — Workers who filed a class complaint against their employer following a data breach alleged only a risk of future harm, which was insufficient to show standing for their negligence, breach of contract and other putative class claims, a Wisconsin appellate court ruled, affirming the trial court’s dismissal of the case.

  • November 21, 2025

    1st Circuit Rejects Insurer’s Appeal In Health Data Breach Dispute

    BOSTON — The First Circuit U.S. Court of Appeals on Nov. 20 affirmed a lower federal court’s summary judgment ruling in favor of a cybersecurity company in a lawsuit arising from a 2018 health data breach, rejecting an insurer’s argument that the lower court erred in denying it equitable indemnification from the cybersecurity company.

  • November 20, 2025

    $6.4M Data Breach Settlement With Medical Equipment Vendor Given Final Approval

    INDIANAPOLIS — An Indiana federal judge granted final approval and entered judgment in a data breach class action against a sleep apnea product supply company for a nonreversionary $6.38 million settlement that provides up to $2,000 per claimant and awards $1,699,212.44 in attorney fees, $39,897.57 in litigation expenses and $3,000 service awards to each of the 21 class representatives.

  • November 20, 2025

    $5M Class Deal In Geisinger Data Breach Case Wins Preliminary Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted conditional certification of an opt-out settlement class and preliminary approval of a $5 million deal with a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach.

  • November 20, 2025

    $3.25 Million Settlement, Injunctive Relief Approved In Student Data Breach Case

    LOS ANGELES — A California judge granted the state’s unopposed ex parte application for final judgment and a permanent injunction against a data storage provider, requiring the company to implement enhanced data security measures, undergo third-party audits for five years and pay $3.25 million in penalties after the state alleged that the provider failed to maintain data privacy safeguards that led to a 2022 breach exposing sensitive student information in at least 49 school districts.

  • November 19, 2025

    Consolidated Class Suit Over College Data Breach Stayed Pending Settlement

    CHATTANOOGA, Tenn. — A federal judge in Tennessee on Nov. 18 stayed a consolidated class action to allow for the finalization of a settlement in the case filed against Lee University after its system containing personally identifiable information (PII) of students and prospective students was hacked.

  • November 19, 2025

    3rd Circuit Agrees Data Transmitted To Facebook By Quest Wasn’t Medical

    PHILADELPHIA — A trial court correctly dismissed a putative class complaint accusing Quest Diagnostics Inc. of violating two California laws by transmitting users’ browsing data to Facebook as “none of that data was substantive medical information,” a Third Circuit U.S. Court of Appeals panel ruled in a nonprecedential opinion.

  • November 19, 2025

    Verizon Seeks U.S. Supreme Court Review Of FCC Forfeiture Order, $46.9M Penalty

    WASHINGTON, D.C. — Verizon Communications Inc. filed a petition for writ of certiorari in the U.S. Supreme Court seeking review of a Second Circuit U.S. Court of Appeals ruling denying review of a Federal Communications Commission forfeiture order imposing a $46.9 million penalty for violating the Communications Act and related regulations regarding Verizon’s alleged failure to safeguard certain customer proprietary network information.

  • November 18, 2025

    Stay Denied Due To No Irreparable Injury Showing In Centralized Database Case

    WASHINGTON, D.C. — A federal judge in the District of Columbia in a Nov. 17 opinion noted doubt about “the lawfulness of” the federal government’s centralized database of Americans’ personal data but denied a motion for a stay filed by several nonprofits and individuals based on the failure to demonstrate irreparable injury as the database changes have already been made.

  • November 18, 2025

    N.C. Judge Approves $2.45M Website Tracking Software Settlement With Health System

    RALEIGH, N.C.  — A North Carolina state court judge on Nov. 17 approved a class action settlement between patients and former patients of a hospital system and the hospital system in a suit asserting that software on the hospital’s website captured their information and sent it to Facebook without their consent, finding that the $2.45 million settlement “is fair, reasonable, adequate, and in the best interest of the settlement class.”

  • November 18, 2025

    Texas Dental Practice Will Pay $1M To End Patients’ Data Breach Class Suit

    AMARILLO, Texas — A Texas-based dental and orthodontic care practice accused of failing to protect the personally identifiable information (PII) and private health information (PHI) of more than 3,800 patients will pay $1 million to settle two patients’ class action complaint, according to a final settlement approval signed by a judge in Texas.

  • November 14, 2025

    ‘Opt-Outs’ From $95 Million Siri Eavesdropping Settlement Appeal To 9th Circuit

    OAKLAND, Calif. — Nearly 13,000 purported class members and objectors who allegedly opted out of a $95 million settlement of a 6-year-old class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its Siri digital assistant filed notice in California federal court that they will appeal the court’s final approval of the settlement to the Ninth Circuit U.S. Court of Appeals.

  • November 13, 2025

    Judge Issues $4.4 Million Final Judgment In Meta Fraud Suit Against Spyware Firm

    OAKLAND, Calif. — A California federal judge on Nov. 12 issued a final judgment of $4,447,190 in favor of WhatsApp Inc. (now known as WhatsApp LLC) and its parent company Facebook Inc. (now known as Meta Platforms Inc.) and against NSO Group Technologies Ltd. and its parent company after a jury found that the defendants violated a California computer fraud law in a suit accusing the defendants of acquiring unauthorized access to individuals’ WhatsApp accounts.

  • November 12, 2025

    Panel Affirms Denial Of Motion For Surveillance, GPS Evidence In Drug Arrest Appeal

    MIAMI — An 11th Circuit U.S. Court of Appeals panel affirmed a lower court judge’s denial of a defendant’s motion to compel production of evidence that was the basis for a search warrant of his home, comprising audio/video surveillance, GPS data and the identity of a confidential informant, finding that the defendant failed to show on appeal the evidence sought was material and that he “only speculated that the evidence would be exculpatory.”

  • November 12, 2025

    University Of Pennsylvania Alumna Files Class Suit Following Data Breach

    PHILADELPHIA — The University of Pennsylvania (UPenn) failed to protect its network containing personally identifiable information (PII) of students, alumni, faculty and donors, resulting in cybercriminals obtaining access to the university’s systems and sending “‘a series of mass emails’” to more than 700,000 people that were critical of the university’s security practices and institutional culture, a UPenn alumna alleges in a putative class complaint filed against the school’s trustees in a federal court in Pennsylvania.