Mealey's Data Privacy
-
August 28, 2025
Texas Appeals Court: Hospital Is Immune From Data Breach Suit, Subsidiary Isn’t
HOUSTON — Partly affirming the dismissal of a consolidated lawsuit brought by patients over the exposure of their personally identifiable information (PII) in a hospital’s data breach, a Texas appeals court panel found that the hospital sufficiently established that it was immune from the claims due to its status as a government entity.
-
August 27, 2025
Judge Issues Mixed Ruling On Federal Preemption Of New Jersey Data Shield Law
CAMDEN, N.J. — Addressing an argument that was not covered in a June memorandum, a New Jersey federal judge delivered a mixed ruling on certain defendants’ arguments that a state law protecting law enforcement and court personnel’s private information is preempted by federal laws.
-
August 27, 2025
Judge Dismisses Civil Rights Claims In Privacy Suit Over Educational Software
CHICAGO — An Illinois federal judge found no jurisdiction over one defendant, dismissing it from a putative class action alleging improper collection of students’ personal information via an educational software platform, and also dismissed claims brought against other defendants under federal civil rights law.
-
August 26, 2025
Illinois Panel Reverses Class Certification In Pepperidge Farm BIPA Case
CHICAGO — A trial court must “make explicit findings as to whether any possible conflict of interest” exists as to class counsel in an Illinois Biometric Information Privacy Act (BIPA) case brought against Pepperidge Farm Inc. by an employee, an Illinois appellate panel ruled Aug. 25, reversing class certification after the sole named plaintiff’s daughter’s firm was permitted to remain as class counsel.
-
August 26, 2025
BIPA Suit Against Coinbase Stayed Pending 7th Circuit Ruling In Parallel Suit
CHICAGO — Granting a motion by Coinbase Inc., an Illinois federal judge stayed a putative class action accusing the cryptocurrency exchange operator of violating the Illinois Biometric Information Privacy Act (BIPA) by using photos in its user authentication process, with the judge concluding that the Seventh Circuit U.S. Court of Appeals’ upcoming ruling in another case pertaining to user authentication using biometric identifiers is likely to affect the issues in the present case.
-
August 25, 2025
Plaintiffs Suing Therapy App For Privacy Violations May Proceed Anonymously
SAN FRANCISCO — The anonymity of putative class plaintiffs accusing online therapy company BetterHelp Inc. of violating privacy laws by selling their personal data to third parties in violation of California’s unfair competition law (UCL) does not require dismissal, a California federal judge ruled in denying the company’s motion to dismiss, citing the nature of the plaintiffs’ privacy protection claims.
-
August 22, 2025
Pregnancy Center To High Court: Federal Suit Doesn’t Require State Court Ruling
WASHINGTON, D.C. — In its Aug. 21 merits brief, a nonprofit, faith-based pregnancy center asks the U.S. Supreme Court to overturn a Third Circuit U.S. Court of Appeals ruling that the center’s constitutional challenge of a government investigative subpoena seeking donors’ personal information is not ripe because a state court had not ruled on the matter.
-
August 22, 2025
Judge Tosses Online Privacy Class Suits Against ‘People Search’ Providers
CLARKSBURG, W.Va. — A federal judge dismissed with prejudice putative class action suits filed by a retired law enforcement officer alleging violations of West Virginia’s Daniel’s Law, which provides a private right of action for disclosure of home addresses or unpublished phone numbers of current or former judicial officials, finding that a certain provision of the statute “regulates speech based on its content” and “cannot survive strict scrutiny” under the U.S. Constitution “because it is not narrowly tailored.”
-
August 21, 2025
Apex Doctrine At Issue In Mandamus Petition Over Zuckerberg Deposition
SAN FRANCISCO — Meta Platforms Inc. asked the Ninth Circuit U.S. Court of Appeals to grant its petition for mandamus and provide guidance on application of the apex doctrine as the tech company seeks to avoid a lower court’s order that Chief Executive Officer Mark Zuckerberg be deposed in a suit over the purported collection of Facebook users’ protected health information (PHI).
-
August 20, 2025
YouTube, Minor Users Announce $30 Million Settlement Of Privacy Row
SAN JOSE, Calif. — Seeking to end an almost 6-year-old lawsuit over YouTube LLC’s purported collection of the personally identifiable information (PII) of minor users, a group of plaintiffs who sued YouTube and Google LLC for such alleged privacy violations moved in California federal court for preliminary approval of a $30 million settlement.
-
August 20, 2025
Man Says Otter Notetaker Records, Saves Conversations Without Consent
SAN JOSE, Calif. — A California man alleges that Otter.ai Inc. does not obtain prior consent of all participants in a virtual meeting before its Notetaker transcription app is engaged to record a conversation, leveling claims of computer fraud, invasion of privacy and unfair competition against the artificial intelligence (AI) technology firm in California federal court.
-
August 20, 2025
‘Coverage Position Is Frivolous And Unfounded,’ Insured Argues In Data Breach Suit
GAINESVILLE, Fla. — An insured sued its insurer in a federal court in Georgia for breach of contract and bad faith seeking cyber defense coverage for putative class actions brought as a result of a 2024 data breach.
-
August 20, 2025
College Gets Final OK To Settle Data Breach Suit For Up To $3,500 Per Person
SYRACUSE, N.Y. — Almost five months after preliminarily approving the settlement of a putative class action over a 2023 data breach experienced by an upstate New York college, a New York federal judge granted final approval to the settlement, which boasts an uncapped settlement with an estimated value of $44,720,782.68, including out-of-pocket expenses, credit monitoring and injunctive relief in the form of enhanced data privacy measures on the school’s part.
-
August 20, 2025
Insurer Disputes Coverage For Suit Alleging Dental Office Violated Privacy Rights
CHICAGO — A commercial general liability and umbrella insurer filed suit in a federal court in Illinois seeking a declaration that it has no duty to defend or indemnify for an underlying putative class action alleging that its dental office insured violated privacy rights through its use of internet tracking that collected private information without notice and without consent, arguing that the policy exclusion for access to/disclosure of private information bars coverage.
-
August 19, 2025
Genetic Data Privacy Suit Against Porta Potty Firm Survives Dismissal
CHICAGO — A job applicant’s putative class action against a sanitation company under the Illinois Genetic Information Privacy Act (GIPA) may proceed, an Illinois federal judge ruled, concluding that the plaintiff sufficiently pleaded that interview questions about his family’s medical histories constituted a request for genetic information under the statute.
-
August 18, 2025
NBA To Supreme Court: D.C. Circuit Ruling Confirms Split On VPPA Application
WASHINGTON, D.C. — A recent District of Columbia Circuit U.S. Court of Appeals ruling further solidified a circuit split and the “increasingly obvious need” for a grant of certiorari in a dispute over how to define a “consumer” under the Video Privacy Protection Act (VPPA), the National Basketball Association (NBA) says in a supplemental brief, again urging the U.S. Supreme Court to resolve the dispute in a lawsuit accusing the NBA of sharing the personal viewing information (PVI) of its website’s users.
-
August 12, 2025
COMMENTARY: Shifting Cyber Risk: The Critical Role Of Indemnification In Vendor Contracts
By Latosha M. Ellis and Veronica P. Adams
-
August 15, 2025
D.C. Circuit Affirms VPPA Protects Only ‘Consumers’ Of Video Service Providers
WASHINGTON, D.C. — The Video Privacy Protection Act (VPPA) applies only to those who rent, purchase or subscribe to goods or services offered by a provider of video tape services, the District of Columbia Circuit U.S. Court of Appeals ruled, affirming a lower court’s dismissal of claims that a newspaper publisher violated the law by sending information about the video viewing habits of visitors to its online website to a third party.
-
August 15, 2025
Timeclock Seller Prevails On Employer’s Cross-Claims In Illinois Privacy Action
CHICAGO — A company facing an ongoing class action involving finger-scan timeclocks that it sold has had an employer’s cross-claims against it dismissed with prejudice in an Illinois federal court, where a judge recently found that under the Illinois Biometric Information Privacy Act (BIPA), “the templates at issue in this case constitute biometric information.”
-
August 14, 2025
Split 4th Circuit Vacates Preliminary Injunction In Unions’ DOGE Data Access Suit
RICHMOND, Va. — A trial court abused its discretion when it found that unions and veterans were likely to prevail on each issue raised in a lawsuit opposing the sharing of individuals’ personally identifiable information (PII) with the U.S. Department of Government Efficiency (DOGE), split Fourth Circuit U.S. Court of Appeals panel ruled, vacating a preliminary injunction and remanding for further proceedings.
-
August 14, 2025
Split 6th Circuit Won’t Review Petitions Challenging FCC Telecom Data Breach Rule
CINCINNATI — A split Sixth Circuit U.S. Court of Appeals panel on Aug. 13 denied consolidated petitions for review of a Federal Communications Commission rule requiring reporting by telecommunications carriers of data breaches involving personally identifiable information (PII), finding that pursuant to the Communications Act, the FCC has the authority to implement reporting requirements related to data breaches involving customer PII.
-
August 12, 2025
Law Firm Credibly Alleges Breach Of Duty To Indemnify In Cyber Crime Coverage Suit
SEATTLE — A federal judge in Washington held that a law firm insured plausibly alleges that a commercial cyber insurance policy covers its liability under the Security Breach Liability provision, refusing to dismiss the insured’s claim that the insurer breached its duty to indemnify.
-
August 08, 2025
Judge Approves Settlement Of Shareholder Action Against Zoom For Privacy Policies
WILMINGTON, Del. — A federal judge in Delaware approved a settlement in a shareholder derivative action against Zoom Video Communications Inc. that alleged that certain current and former directors of the company misrepresented the company’s privacy and securities practices; under the terms of the settlement, Zoom will adopt and implement several governance reforms including establishing a cybersecurity committee and enhancing Zoom’s guidelines relating to stock trading plans.
-
August 07, 2025
Woman’s Suit Over Disclosed Medical Info, Harassment Remanded To State Court
BOSTON — Signing and adopting an order that accompanied a plaintiff’s motion to remand, a Massachusetts federal judge agreed that the dismissal of the United States as a defendant from a lawsuit over the purported intentional dissemination of her private medical information lacked the necessary diversity of citizenship to retain federal jurisdiction.
-
August 07, 2025
Judge Approves $6.8 Million Settlement Of Rite Aid Data Breach Class Action
PHILADELPHIA — A $6.8 million settlement of a consolidated class action over a 2024 data breach experienced by Rite Aid Corp. satisfied the requirements of Federal Rule of Civil Procedure 23 and relevant case law, a Pennsylvania federal judge found, granting final approval to the settlement as well as to the plaintiffs’ requests for attorney fees, costs and service awards.