Newsletter RSS

Mealey's Data Privacy

  • December 04, 2024

    FTC Announces Actions Over Data Brokers’ Sale Of Precise Location Data

    WASHINGTON, D.C. — The Federal Trade Commission on Dec. 3 announced agency actions it has taken against data brokers that bought and sold individuals’ precise location data in violation of the Federal Trade Commission Act, simultaneously filing complaints and decisions in both actions.

  • December 04, 2024

    Policy Exclusion Bars Coverage For BIPA Suit, Illinois Panel Rules In Reversal

    CHICAGO — An Illinois appeals panel held that insurers have no duty to defend their insured against an underlying class action lawsuit alleging that the insured violated the Illinois Biometric Information Privacy Act (BIPA) because the policies’ “Recording and Distribution” exclusion barred coverage, reversing a lower court’s judgment in favor of the insured and remanding.

  • December 03, 2024

    Judge Rules On Cross-Motions For Summary Judgment In BIPA Violation Coverage Suit

    CHICAGO — A federal judge in Illinois granted in part and denied in part cross-motions for summary judgment filed by an excess insurer and a franchisee of the Burger King chain in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).

  • December 03, 2024

    Judge Chides Data Breach Attorneys For ‘Sub-Par’ Work, Reduces Fees Award

    NEW HAVEN, Conn. — Despite granting final approval to a $1.5 million settlement of a lawsuit over a health care services provider’s 2022 data breach, as well as the plaintiffs’ requests for service awards and cost reimbursements, a Connecticut federal judge reduced the requested attorney fees award for using “very, very high” rates in light of “significant errors” by plaintiffs’ counsel.

  • December 02, 2024

    Insurers To Pay $11.3 Million To New York State Over Data Breaches

    ALBANY, N.Y. — New York Attorney General Letitia James and the New York State Department of Financial Services (DFS) have reached agreements with two national auto insurance companies under which they will pay a total of $11.3 million in penalties for “having poor data security,” which the attorney general said led to data breaches that exposed the personally identifiable information (PII) of their policyholders.

  • November 25, 2024

    Supreme Court Declines To Consider Res Judicata In Data Breach Arbitration Suit

    WASHINGTON, D.C. — A Texas company’s petition for certiorari on issues of the preclusive effect of a judgment on an arbitration, both related to a 2019 data breach, was denied without comment by the U.S. Supreme Court in its Nov. 25 order list.

  • November 22, 2024

    COMMENTARY: 2024 Key Insurance Decisions, Trends & Developments & A Look Ahead To 2025

    By Scott M. Seaman, Pedro E. Hernandez and Lisa M. Roccanova

  • November 22, 2024

    Federal Judge: Illinois Act Placing Limits On BIPA Recovery Applies Retroactively

    CHICAGO — An August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that placed limits on an individual’s recovery for certain data release violations applies retroactively, a federal judge in Illinois ruled, dismissing for lack of subject matter jurisdiction an employee’s complaint against his employer.

  • November 22, 2024

    Judge Strikes Insurer’s Counterclaim Against Burger King Franchisee As Redundant

    CHICAGO — A federal judge in Illinois granted a franchisee of the Burger King chain’s motion to strike an excess insurer’s declaratory judgment counterclaim in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA), finding that the counterclaim is redundant and “serves no useful purpose.”

  • November 22, 2024

    U.S. High Court:  Data-Sharing Incident Disclosure Petition Improvidently Granted

    WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 22 “dismissed as improvidently granted” a petition for a writ of certiorari filed by Meta Platforms Inc. (formerly Facebook Inc.) and the company’s senior executives after the Ninth Circuit U.S. Court of Appeals held that the company issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred; the one-page per curiam opinion was filed a little over two weeks after the justices heard oral arguments.

  • November 22, 2024

    California Appeals Panel Finds Tech Firm’s Claims Over Ransomware Attack Untimely

    SAN JOSE, Calif. — A trial court properly dismissed a cloud solutions firm’s amended contractual cross-claims over its client’s ransomware attack as barred by the statute of limitations, a California appeals panel ruled, finding that the company’s decision to originally name its client’s insurer and subrogee as cross-defendant was intentional and not a mistake.

  • September 17, 2024

    23andMe Asks MDL Judge To Approve $30M Data Breach Settlement

    SAN FRANCISCO — Genetic data company 23andMe Inc. filed a brief urging the U.S. District Court for the Northern District of California to grant preliminary approval to a $30 million settlement to resolve claims in a multidistrict litigation brought by plaintiffs whose genetic data on 23andMe’s website was hacked and offered for sale online and asking the court to enjoin separate litigation and arbitrations brought against it for the breach that it says could “jeopardize . . . the Settlement.”

  • November 21, 2024

    Some 23andMe Users Seek Arbitration, Not Class Action, For Data Breach Claims

    SAN FRANCISCO — In a brief filed in California federal court, several users of 23andMe Inc.’s website defend their right to pursue arbitration against the company for the theft of their genetic information by hackers, arguing that their decision to arbitrate defeats any typicality of claims between them and class members in a multidistrict litigation (MDL) over the theft and makes preliminary approval of a settlement of the MDL inappropriate.

  • November 21, 2024

    Texas Judge OKs Settlement Reimbursing University Data Breach Victims’ Losses

    SAN ANTONIO — An agreement in which a university agrees to reimburse ordinary and extraordinary losses that class members suffered due to a 2022 data breach was deemed “fair, reasonable, and adequate” by a Texas judge as she granted final approval to the settlement of negligence and privacy class claims over the incident.

  • November 20, 2024

    Final Approval Given To $115 Million Settlement Of Oracle Data Collection Suit

    SAN FRANCISCO — A $115 million settlement of privacy class claims over data collection and brokerage activities conducted by Oracle America Inc. was found to provide “substantial benefits” to the class by a California federal judge, who granted final approval of the settlement over 28 objections received by class members.

  • November 20, 2024

    Data Brokers Settle With Calif. Privacy Agency For Not Complying With ‘Delete Act’

    SACRAMENTO, Calif. — The California Privacy Protection Agency (CPPA) announced its first two settlements with data brokers that did not comply with the requirements of the newly enacted law known as “The Delete Act.”

  • November 19, 2024

    $65 Million Data Breach Settlement By Pennsylvania Health Provider Given Final OK

    SCRANTON, Pa. — A Pennsylvania judge granted final approval of a $65 million settlement to be paid by Lehigh Valley Health Network Inc. (LVHN) to end a class complaint alleging that a February 2023 data breach resulted in the disclosure of personal information and medical records, including nude photographs.

  • November 19, 2024

    2 Claims Over Hospitals’ Data Sharing Dismissed; 4 Claims Survive

    PORTLAND, Ore. — A woman’s claims over a hospital chain’s purported sharing of her protected health information (PHI) were partly dismissed, with an Oregon federal judge finding claims for breach of implied contract and intrusion upon seclusion not sufficiently alleged, while giving the green light to four other putative class claims related to such data being allegedly shared with Meta Platforms Inc. and Google Inc.

  • November 19, 2024

    Federal Class Action Complaint Accuses Auto Insurer, Law Firm Of Barratry

    HOUSTON — Insureds filed a class action complaint in a Texas federal court against an automobile insurer and a law firm alleging that they committed barratry, conspiracy and statutory violations by illegally sharing the personal information of car accident victims for solicitation.

  • November 18, 2024

    Panel Reverses Dismissal Of State’s Data Breach UCL Claim, Citing Discovery Rule

    SAN DIEGO — A California appellate panel addressing a question of first impression on Nov. 15 reversed a trial court’s ruling in favor of Experian Data Corp. barring claims brought by the San Diego District Attorney’s Office accusing Experian of violating California’s unfair competition law (UCL) by failing to protect more than 400,000 California customers whose data was hacked, writing that the state adequately alleged that its UCL claim accrued within the statute of limitations period.

  • November 18, 2024

    Service Awards, Attorney Fees At Issue In Meta Privacy Suit Certiorari Petition

    WASHINGTON, D.C. — Meta Platforms Inc. (formerly Facebook Inc.) and a group of Facebook users who sued over the social network’s tracking of their online activity were both given additional time by the U.S. Supreme Court to respond to a petition for certiorari by a class member who objects to awards for attorney fees and class representative service awards that were part of a $90 million settlement of the privacy class action.

  • November 14, 2024

    Class, Wawa Ask 3rd Circuit To Affirm Attorney Fees Award In Data Breach Suit

    PHILADELPHIA — Wawa Inc. and a group of consumers who sued it over a 2019 data breach filed briefs with the Third Circuit U.S. Court of Appeals defending a $3 million attorney fees award that is part of a $9 million class action settlement agreement, asserting that the award was not the product of collusion and satisfies Federal Rule of Civil Procedure 23 and asking the court to affirm the award and to reject objections a class member raises on his second appeal of the matter.

  • November 14, 2024

    Ovulation App Privacy Claims Against Analytics Firm Stayed Pending Settlement

    SAN FRANCISCO — Putative class privacy claims against an analytics firm related to purported data sharing via the Flo Period & Ovulation Tracker app were stayed by a California federal judge, who granted a joint motion by the company and a group of the app’s users after they jointly announced a settlement of the claims.

  • November 13, 2024

    Law Firm’s $8M Global Data Breach Settlement Granted Final Approval

    SAN FRANCISCO — An $8 million global class settlement to be paid by a law firm after its network was breached and the personally identifiable information (PII) of more than 630,000 individuals was potentially accessed was granted final approval on Nov. 12 by a federal judge in California.

  • November 12, 2024

    Law Firm’s $8M Data Breach Settlement Tentatively Approved; Fees Reviewed

    SAN FRANCISCO — A federal judge in California issued a tentative ruling approving an $8 million class global settlement to be paid by a law firm after its network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed but questioned the specifics of the settlement terms and indicated that attorney fees were still being reviewed, according to civil minutes.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.