Mealey's Data Privacy
-
December 08, 2025
NBA Denied Certiorari In VPPA Suit Over Personal Viewing Data
WASHINGTON, D.C. — A few days after the National Basketball Association filed a supplemental brief maintaining its stance that certiorari was needed to resolve a circuit split over what type of data disclosure is barred under the Video Privacy Protection Act (VPPA), the U.S. Supreme Court denied the NBA’s petition without comment in its Dec. 8 order list.
-
December 08, 2025
$14 Million Settlement Of Data Breach Suit Against Turnkey Payer Gets Final OK
MIAMI — A Florida federal judge deemed the $14 million settlement of a consolidated class action over a turnkey payer service’s 2022 data breach to be “fair, reasonable, and adequate,” granting final approval and issuing final judgment to the plaintiffs.
-
December 05, 2025
NBA Maintains Certiorari Needed In VPPA Suit Over Personal Viewing Data
WASHINGTON, D.C. — Noting a trial court’s dismissal of a subsequent lawsuit filed by an online digital subscriber, who is the respondent in the present case, the National Basketball Association on Dec. 4 filed the latest in a series of supplemental briefs asking the U.S. Supreme Court to grant its petition for certiorari in light of that ruling and others that have created a circuit split as to what type of data disclosure is barred under the Video Privacy Protection Act (VPPA).
-
December 04, 2025
6 More States Sued By U.S. Government For Not Supplying Voter Information
WASHINGTON, D.C. — For the third time in three months, the U.S. Department of Justice, on behalf of the United States, filed complaints in federal courts against states that had not complied with requests for certain voter records that originated from the office of U.S. Attorney General Pam Bondi, with the DOJ alleging violation of the Civil Rights Act of 1960 (CRA) by six more states, bringing the total number of states charged for such violations to 14.
-
December 04, 2025
Judge Certifies Alexa Voice ID Biometric Data Class Suit, Excludes Named Plaintiff
CHICAGO — A named plaintiff who signed up for Amazon.com Inc.’s Voice ID program after the filing of a suit would be subject to unique defenses that render him unfit to be a class representative, a federal judge in Illinois said while certifying claims that the company violated Illinois law by collecting certain biometric data through its Alexa artificial intelligence system.
-
December 04, 2025
Texas’ Challenge Of HIPAA Privacy Rules Dropped After Similar Suit Dismissed
LUBBOCK, Texas — A Texas federal judge granted a joint motion by Texas and the U.S. Department of Health and Human Services to voluntarily dismiss the state’s challenge of two privacy rules that supplemented the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which the parties filed after a similar lawsuit resulted in a ruling against the U.S. government and in the dismissal of an appeal of that ruling by third parties.
-
December 03, 2025
Judge Grants Arbitration, Stays Wiretap Class Action Against Toyota, Progressive
SHERMAN, Texas — A federal judge in Texas on Dec. 2 granted Toyota Motor North America Inc.’s motion to compel arbitration and stay a class action alleging that Toyota, Progressive Casualty Insurance Co. and a provider of data analytics services in the automotive industry violated the Federal Wiretap Act and are responsible for injuries they inflicted on tens of thousands of class members because of their unauthorized collection and dissemination of private information from Toyota vehicles.
-
December 02, 2025
Standing Is Focus Of High Court Argument In Suit Over Pregnancy Center Subpoena
WASHINGTON, D.C. — The U.S. Supreme Court heard oral arguments on Dec. 2 in a dispute concerning the New Jersey attorney general’s subpoena for information including the identity of pregnancy center donors, with the petitioner contending that the center operator had standing to sue in federal court as soon as the subpoena was issued and the respondent countering that standing requirements are still unsatisfied.
-
December 02, 2025
Minnesota High Court Told Hospital’s Disclosing Room Number Violated Records Act
ST. PAUL, Minn. — In a respondent brief, a man asks the Minnesota Supreme Court to affirm an appeals court’s finding that a health system’s disclosure of his hospital room number and location violated the Minnesota Health Records Act (MHRA) because this information was connected with his receipt of health care from the hospital.
-
December 01, 2025
Illinois Panel: No Extra Expense Coverage Owed For Loss Arising From Cyberattack
CHICAGO — An Illinois appeals court panel held that a management company for multiple nursing care facilities is not entitled to recover the expenses it incurred following a cyberattack on one of its payroll vendors, affirming a lower court’s ruling in favor of an insurer in the management company’s declaratory judgment lawsuit.
-
November 26, 2025
Judge Halts DOJ From Obtaining Minors’ Gender Dysphoria Treatment Info
PHILADELPHIA — The U.S. Department of Justice will not be permitted to obtain the personal information of minors seeking treatment for gender-affirming care from a Philadelphia hospital, a Pennsylvania federal judge ruled, granting the hospital’s motion to limit a subpoena in which the DOJ sought information about certain drugs and treatments.
-
November 26, 2025
Dismissal Of Lobsterman’s Constitutional Challenge To Maine Tracking Rule Upheld
BOSTON — The First Circuit U.S. Court of Appeals affirmed a lower court’s dismissal of a Maine lobsterman’s Fourth Amendment challenge to a lobster vessel tracking rule, holding that commercial lobstering is a closely regulated industry and that the rule satisfies all three elements of the administrative search standard, finding that it advances a governmental interest in fishery conservation, relies on warrantless monitoring and provides a constitutionally adequate substitute for a warrant through notice and narrowly tailored data collection.
-
November 25, 2025
DOJ Opposes Armed Robber’s Certiorari Petition Over Google Geofence Warrant
WASHINGTON, D.C. — The U.S. Department of Justice filed a brief on behalf of the U.S. government on Nov. 24, opposing a petition for a writ of certiorari filed by a convicted bank robber, asserting that any mistakes that were potentially made in serving a geofence location-tracking warrant on Google LLC were outweighed by the good faith exception to the exclusionary rule of the Fourth Amendment to the U.S. Constitution under which the petitioner sought to exclude this evidence.
-
November 25, 2025
Judge Stops IRS From Sharing Taxpayer Data With ICE For Immigration Enforcement
WASHINGTON, D.C. — A nonprofit, a business association and two labor unions succeeded in preventing the Internal Revenue Service from sharing the addresses of immigrant taxpayers with Immigration and Customs Enforcement, when a District of Columbia federal judge granted their motion to stay the IRS’s new data-sharing policy, which the judge found to be unlawful under the Administrative Procedure Act (APA) and the Internal Revenue Code (IRC).
-
November 24, 2025
Federal Judge Dismisses Cybercrime Coverage Suit After Parties Reach Settlement
SEATTLE — Following a settlement that was announced in October, a federal judge in Washington dismissed with prejudice a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures.
-
November 21, 2025
Wis. Appeals Court: Identity Theft Threat Doesn’t Create Data Breach Suit Standing
WAUSAU, Wis. — Workers who filed a class complaint against their employer following a data breach alleged only a risk of future harm, which was insufficient to show standing for their negligence, breach of contract and other putative class claims, a Wisconsin appellate court ruled, affirming the trial court’s dismissal of the case.
-
November 21, 2025
1st Circuit Rejects Insurer’s Appeal In Health Data Breach Dispute
BOSTON — The First Circuit U.S. Court of Appeals on Nov. 20 affirmed a lower federal court’s summary judgment ruling in favor of a cybersecurity company in a lawsuit arising from a 2018 health data breach, rejecting an insurer’s argument that the lower court erred in denying it equitable indemnification from the cybersecurity company.
-
November 20, 2025
$6.4M Data Breach Settlement With Medical Equipment Vendor Given Final Approval
INDIANAPOLIS — An Indiana federal judge granted final approval and entered judgment in a data breach class action against a sleep apnea product supply company for a nonreversionary $6.38 million settlement that provides up to $2,000 per claimant and awards $1,699,212.44 in attorney fees, $39,897.57 in litigation expenses and $3,000 service awards to each of the 21 class representatives.
-
November 20, 2025
$5M Class Deal In Geisinger Data Breach Case Wins Preliminary Approval
WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted conditional certification of an opt-out settlement class and preliminary approval of a $5 million deal with a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach.
-
November 20, 2025
$3.25 Million Settlement, Injunctive Relief Approved In Student Data Breach Case
LOS ANGELES — A California judge granted the state’s unopposed ex parte application for final judgment and a permanent injunction against a data storage provider, requiring the company to implement enhanced data security measures, undergo third-party audits for five years and pay $3.25 million in penalties after the state alleged that the provider failed to maintain data privacy safeguards that led to a 2022 breach exposing sensitive student information in at least 49 school districts.
-
November 19, 2025
Consolidated Class Suit Over College Data Breach Stayed Pending Settlement
CHATTANOOGA, Tenn. — A federal judge in Tennessee on Nov. 18 stayed a consolidated class action to allow for the finalization of a settlement in the case filed against Lee University after its system containing personally identifiable information (PII) of students and prospective students was hacked.
-
November 19, 2025
3rd Circuit Agrees Data Transmitted To Facebook By Quest Wasn’t Medical
PHILADELPHIA — A trial court correctly dismissed a putative class complaint accusing Quest Diagnostics Inc. of violating two California laws by transmitting users’ browsing data to Facebook as “none of that data was substantive medical information,” a Third Circuit U.S. Court of Appeals panel ruled in a nonprecedential opinion.
-
November 19, 2025
Verizon Seeks U.S. Supreme Court Review Of FCC Forfeiture Order, $46.9M Penalty
WASHINGTON, D.C. — Verizon Communications Inc. filed a petition for writ of certiorari in the U.S. Supreme Court seeking review of a Second Circuit U.S. Court of Appeals ruling denying review of a Federal Communications Commission forfeiture order imposing a $46.9 million penalty for violating the Communications Act and related regulations regarding Verizon’s alleged failure to safeguard certain customer proprietary network information.
-
November 18, 2025
Stay Denied Due To No Irreparable Injury Showing In Centralized Database Case
WASHINGTON, D.C. — A federal judge in the District of Columbia in a Nov. 17 opinion noted doubt about “the lawfulness of” the federal government’s centralized database of Americans’ personal data but denied a motion for a stay filed by several nonprofits and individuals based on the failure to demonstrate irreparable injury as the database changes have already been made.
-
November 18, 2025
N.C. Judge Approves $2.45M Website Tracking Software Settlement With Health System
RALEIGH, N.C. — A North Carolina state court judge on Nov. 17 approved a class action settlement between patients and former patients of a hospital system and the hospital system in a suit asserting that software on the hospital’s website captured their information and sent it to Facebook without their consent, finding that the $2.45 million settlement “is fair, reasonable, adequate, and in the best interest of the settlement class.”