Newsletter RSS

Mealey's Data Privacy

  • November 11, 2024

    Plaintiffs, Law Firm Seek Initial Approval Of $8.5M Data Breach Suit Settlement

    WEST PALM BEACH, Fla. — A former client and a former employee of a law firm filed a motion for preliminary approval of an $8.5 million settlement of their putative class claims over a 2022 data breach experienced by the firm, telling a Florida federal court that the proposed agreement provides for such remedies as credit monitoring and identity theft protection, in addition to monetary claims.

  • November 11, 2024

    Converse Website User Asks 9th Circuit To Find Wiretap Law Applies To Internet

    SAN FRANCISCO — A California woman who claimed wiretap and privacy violations related to the customer chat feature on Converse Inc.’s website asks the Ninth Circuit U.S. Court of Appeals to reinstate her putative class action, arguing that a trial court improperly disregarded her evidence that a third-party vendor intercepted and read chat communications in violation of the California Invasion of Privacy Act (CIPA).

  • November 08, 2024

    Tentative Settlement Announced In CareFirst Data Breach Class Action

    WASHINGTON, D.C. — Eight days after a group of policyholders whose personally identifiable information (PII) was exposed in a data breach experienced by their insurer was denied the opportunity to appeal a class certification ruling, the plaintiffs and the insurer informed a District of Columbia federal court that a tentative settlement of the nine-year-old suit had been reached.

  • November 08, 2024

    Insurers Dispute Coverage For BIPA Violation Class Action Against Taco Bell Owners

    NEW ORLEANS — Commercial general liability and umbrella insurers filed a complaint in an Illinois federal court seeking a declaratory judgment that they have no duty to defend and indemnify against an underlying class action lawsuit alleging that the owners and operators of Taco Bell restaurants in Illinois violated the state’s Biometric Information Privacy Act (BIPA).

  • November 07, 2024

    9th Circuit Affirms Dismissal Of Saudi Dissident’s Suit Over Twitter Info Theft

    SAN FRANCISCO — Almost a year after hearing oral argument, a Ninth Circuit U.S. Court of Appeals panel majority on Nov. 6 upheld a trial court’s dismissal of a political dissident’s negligence claims against Twitter Inc., finding that his assertion that the social network operator was liable for the theft and sharing of his personal information by two employees, which endangered him and his family, was barred by the statute of limitations.

  • November 07, 2024

    Justices Question Facebook, Investors Over Disclosing Data-Sharing Incident

    WASHINGTON, D.C. — In oral arguments held Nov. 6 in the U.S. Supreme Court, attorneys for Facebook Inc. (now known as Meta Platforms Inc.) and a group of its investors fielded queries about whether Facebook’s failure to disclose its past sharing of users’ data with a third-party analytics firm in risk statements constituted securities fraud because the incident amounted to a risk of future harm.

  • November 06, 2024

    Winning Firm In Data Breach Arbitration Waives Response To Res Judicata Cert Petition

    WASHINGTON, D.C. — A company that experienced a 2019 data breach, which led to a canceled business agreement, a trade secret lawsuit and an arbitration in which it prevailed, waived its right to respond to a petition for certiorari in which its former client asks the U.S. Supreme Court to weigh in on when a court should decide the preclusive effect of a judgment on a related arbitration.

  • November 04, 2024

    Supreme Court Won’t Hear Suit Over Privacy Of Nevada Family Court Records

    WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 4 declined to review a case in which a father involved in a custody dispute challenged a ruling in which a divided Nevada Supreme Court declared state laws to be unconstitutional because they presumptively sealed child custody court proceedings.

  • November 04, 2024

    LinkedIn Seeks Dismissal Of Wiretap, Privacy Claims In California Court

    SAN JOSE, Calif. — In the first of at least five lawsuits accusing LinkedIn Corp. of privacy violations related to its use of tracking pixels on advertisers’ websites, the professional network operator filed a motion in California federal court to dismiss the putative class action, calling it an attempt “to attack routine website analytics tools as a criminal wiretap.”

  • November 01, 2024

    Applying Texas Law To Biometric Privacy Suit, Judge Dismisses Illinois Law Claims

    DALLAS — Finding a Texas forum selection clause on Match Group Inc.’s websites to be valid, a Texas federal judge granted the company’s motion to dismiss putative class claims against it under the Illinois Biometric Information Privacy Act (BIPA), ruling that they failed as a matter of law.

  • October 31, 2024

    Negligence Claim Against Software Firm After Data Breach Dismissed Again

    SAN JOSE, Calif. — The creator of a file transfer program failed to establish that the facts alleged about a negligence claim in an amended class complaint were sufficiently different from the original complaint to merit dismissal of the claim that was previously dismissed, a California federal judge ruled, denying the software firm’s renewed dismissal motion in a lawsuit over a 2020 data breach.

  • October 31, 2024

    Privacy Claims Against YETI Did Not Establish Derivative Liability, Judge Finds

    SAN FRANCISCO — A customer of YETI Coolers LLC failed to show that the company was aware that its payment processing partner was improperly retaining and using consumers’ personally identifiable information (PII) or intentionally participated in these actions, a California federal judge found, granting YETI’s motion to dismiss putative class claims against it for invasion of privacy.

  • October 31, 2024

    Insureds Can’t Appeal Ruling Limiting Class Damages In Data Breach Suit

    WASHINGTON, D.C. — A group of policyholders who are the plaintiffs in a nine-year-old lawsuit over a 2015 data breach experienced by their insurer were denied the right to pursue an interlocutory appeal of a ruling that curtailed their ability to seek mitigation damages related to the theft of their personally identifiable information (PII), with the District of Columbia Circuit U.S. Court of Appeals deeming the damages issue not appealable because it “does not relate to class certification for purposes of” Federal Rule of Civil Procedure 23(f).

  • September 16, 2024

    Reconsideration Denied On Issue Of Mitigation Costs In Plaintiffs’ Data Breach Suit

    WASHINGTON, D.C. — A District of Columbia federal judge denied a motion for reconsideration and motion for leave to file an interlocutory appeal filed by plaintiff policyholders whose personally identifiable information (PII) was stolen in a 2014 data breach because the finding that mitigation costs are not recoverable in a breach of contract action under District of Columbia law has been the law of the case since 2019.

  • October 30, 2024

    10th Circuit Files Notice On Record In Social Media Moderation 1st Amendment Row

    DENVER  —  In an appeal to the 10th Circuit U.S. Court of Appeals by Utah officials of a district court ruling granting a preliminary injunction to an internet trade association to stop the enforcement of Utah legislation to moderate minors’ access to social media due to the law’s purported violation of the First and 14th amendments to the U.S. Constitution, the 10th Circuit clerk of court issued a notice advising that the lower court said its record is complete.

  • October 30, 2024

    Credit Unions Seek Final OK Of Wawa Data Breach Suit Settlement, Fees Award

    PHILADELPHIA — One year after preliminary approval was given to a settlement between a class of financial institutions (FIs) and Wawa Inc. in a suit over a 2019 data breach experienced by the convenience store chain, the FIs filed a motion in Pennsylvania federal court for final approval of the settlement, which is valued at $28.5 million, as well as a motion for an attorney fees and costs award of $8.5 million.

  • October 29, 2024

    Initial OK Given To $525,000 Settlement Of Philadelphia Inquirer Data Breach Suit

    PHILADELPHIA — Granting an unopposed motion to preliminarily approve the settlement of a putative class action brought by past and present employees against the Philadelphia Inquirer over a 2023 data breach, a Pennsylvania federal judge deemed the proposed agreement, which includes a $525,000 settlement fund, to be “fair, reasonable and adequate.”

  • October 28, 2024

    Mass. Supreme Court Finds Tracking Of Web Browsing Doesn’t Violate Wiretap Law

    BOSTON — Concluding that a state wiretapping statute pertains to person-to-person communications, a Massachusetts Supreme Judicial Court majority concluded that the act did not apply to a plaintiff’s claims that two hospitals tracked her web-browsing activities on their websites, leading it to reverse a trial court’s denial of the hospitals’ motions to dismiss.

  • October 25, 2024

    Alexa AI Voice Plaintiffs Seeking Class Certification Point To Recent BIPA Ruling

    CHICAGO — A federal judge recently certified a class action after finding that finger scans fell within the definition of fingerprints and were governed by the Illinois Biometric Information Privacy Act (BIPA), plaintiffs in a federal court in Illinois challenging the capture and use of voices for training the Alexa artificial intelligence said in an unopposed motion for leave to file supplemental authority.

  • October 25, 2024

    Doctor Seeks To Halt Enforcement Of New HIPAA Privacy Law

    AMARILLO, Texas — A Texas doctor filed a complaint against the U.S. Department of Health and Human Services (HHS) in Texas federal court, seeking a declaration that a newly passed modification to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which focuses on privacy for protected health information (PHI) related to reproductive health care, violates the Administrative Procedure Act (APA) and should be permanently enjoined from being enforced.

  • October 22, 2024

    Insurer Says It Owes No Defense, Indemnification For Data Breach Claim, Suit

    SEATTLE — A media tech insurer filed suit in a Washington federal court seeking a declaration that it has no duty to defend or indemnify its financial services firm insured against a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.

  • October 21, 2024

    Magistrate Reduces Data Sample Google Must Produce In Assistant Eavesdropping Row

    SAN JOSE, Calif. — A California federal magistrate judge on Oct. 18 resolved a two-year-old discovery dispute in a class action over Google LLC’s purported eavesdropping of users of its Google Assistant (GA) app, reducing the number of user query samples the defendant must provide to the plaintiffs in light of a subsequent ruling certifying only a single class claim for unfair competition.

  • October 21, 2024

    Plaintiffs Settle Data-Sharing Suit With Univision After Class Certification Denied

    MIAMI — Two months after a Florida federal judge denied a motion to certify a class action against the operator of the Univision NOW website for its purported sharing of private video viewing information of the site’s users, the same judge administratively closed the lawsuit the same day the three named plaintiffs announced that they had reached a settlement with the defendant.

  • October 21, 2024

    Papa John’s Website User Asks 3rd Circuit To Rethink Jurisdiction Ruling

    PITTSBURGH — One month after a split Third Circuit U.S. Court of Appeals panel affirmed dismissal of a wiretapping lawsuit related to purported tracking of website activity by Papa John’s International Inc., the lead plaintiff in the putative class action filed a petition for rehearing, maintaining that he sufficiently established Pennsylvania jurisdiction over the pizza chain and contending that the majority’s ruling conflicted with Third Circuit and U.S. Supreme Court precedent.

  • October 18, 2024

    Delaware High Court Briefed On T-Mobile AI-Program Shareholder Derivative Action

    WILMINGTON, Del. — Instances where a director acts in the interests of a parent while sitting on the board of a subsidiary require a different standard because in such cases, there would be no paper trail evidence of an effort to provide profits only for the parent, a woman leading a shareholder derivative action says in asking the Delaware Supreme Court to revive a case alleging that a parent company directed T-Mobile US Inc. to centralize data for an artificial intelligence project, leaving the latter susceptible to cyberattack.  But in an answering brief, the appellees tell the court that the woman’s appeal was full of challenges she didn’t raise below and therefore had waived and that even on the merits, she could not show that the parent company alone would have profited from the data-sharing program.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.