Newsletter RSS

Mealey's Data Privacy

  • December 09, 2025

    8th Circuit Finds Movie Theater Chain Isn’t Video Provider, Didn’t Violate VPPA

    ST. PAUL, Minn. — A trial court’s dismissal of a putative class claim that a movie theater chain violated the Video Privacy Protection Act (VPPA) was affirmed by an Eighth Circuit U.S. Court of Appeals panel on Dec. 8, which concluded that although the chain shares certain consumer information with Meta Platforms Inc., it does not qualify as a video tape service provider (VTSP) under the statute.

  • December 09, 2025

    10th Circuit Affirms Nonprofit’s Right To Seek New Mexico Voter Data

    DENVER — A 10th Circuit U.S. Court of Appeals panel ruled that use restrictions and a data-sharing ban enacted by New Mexico officials over certain voter information are preempted by and run counter to the purposes of the National Voter Registration Act (NVRA), leading it to partly affirm a New Mexico federal court’s ruling in favor of a nonprofit that had requested such voter data from state officials.

  • December 09, 2025

    NetChoice Challenge To Maryland’s Online Safety Act Allowed To Proceed

    BALTIMORE — A Maryland federal judge denied the Maryland attorney general’s motion to dismiss an eight-count amended complaint filed by an internet trade association representing Amazon, Google and others whose “mission is to promote online commerce and speech,” holding that the association plausibly alleges that a Maryland online safety law burdens protected editorial activity, reaches expressive conduct subject to First Amendment scrutiny and conflicts with federal law.

  • December 08, 2025

    Federal Judge Refuses To Dismiss Breach Of Contract Suit Against Cyber Risk Insurer

    ORLANDO, Fla. — A federal judge in Florida on Dec. 5 denied a cyber and data risk insurer’s motion to dismiss an insured’s breach of contract and declaratory judgment lawsuit arising from a 2024 data breach that caused interruption to its financial technology business, holding that the insured’s allegations are sufficient to survive the insurer’s motion to dismiss.

  • December 08, 2025

    AT&T Says FCC’s $57M Fine Was Improper But Still Wants High Court Review

    WASHINGTON, D.C. — AT&T Inc. on Dec. 5 filed a brief in the U.S. Supreme Court responding to a petition for a writ of certiorari filed by the Federal Communications Commission and the United States challenging the Fifth Circuit U.S. Court of Appeals’ ruling vacating a $57 million fine against AT&T for improper handling of customers’ location data, writing that the Fifth Circuit’s ruling was correct under SEC v. Jarkesy but agreeing that certiorari should be granted because of a circuit split on the issue.

  • December 08, 2025

    Sports-Streaming Subscriber Denied Certiorari Over Data Sharing Under VPPA

    WASHINGTON, D.C. — The U.S. Supreme Court declined to hear two cases pertaining to the Video Privacy Protection Act (VPPA) in its Dec. 8 order list, including one in which a Texas woman asked the high court to define what constitutes “personally identifiable information” (PII) under the act.

  • December 08, 2025

    NBA Denied Certiorari In VPPA Suit Over Personal Viewing Data

    WASHINGTON, D.C. — A few days after the National Basketball Association filed a supplemental brief maintaining its stance that certiorari was needed to resolve a circuit split over what type of data disclosure is barred under the Video Privacy Protection Act (VPPA), the U.S. Supreme Court denied the NBA’s petition without comment in its Dec. 8 order list.

  • December 08, 2025

    $14 Million Settlement Of Data Breach Suit Against Turnkey Payer Gets Final OK

    MIAMI — A Florida federal judge deemed the $14 million settlement of a consolidated class action over a turnkey payer service’s 2022 data breach to be “fair, reasonable, and adequate,” granting final approval and issuing final judgment to the plaintiffs.

  • December 05, 2025

    NBA Maintains Certiorari Needed In VPPA Suit Over Personal Viewing Data

    WASHINGTON, D.C. — Noting a trial court’s dismissal of a subsequent lawsuit filed by an online digital subscriber, who is the respondent in the present case, the National Basketball Association on Dec. 4 filed the latest in a series of supplemental briefs asking the U.S. Supreme Court to grant its petition for certiorari in light of that ruling and others that have created a circuit split as to what type of data disclosure is barred under the Video Privacy Protection Act (VPPA).

  • December 04, 2025

    6 More States Sued By U.S. Government For Not Supplying Voter Information

    WASHINGTON, D.C. — For the third time in three months, the U.S. Department of Justice, on behalf of the United States, filed complaints in federal courts against states that had not complied with requests for certain voter records that originated from the office of U.S. Attorney General Pam Bondi, with the DOJ alleging violation of the Civil Rights Act of 1960 (CRA) by six more states, bringing the total number of states charged for such violations to 14.

  • December 04, 2025

    Judge Certifies Alexa Voice ID Biometric Data Class Suit, Excludes Named Plaintiff

    CHICAGO — A named plaintiff who signed up for Amazon.com Inc.’s Voice ID program after the filing of a suit would be subject to unique defenses that render him unfit to be a class representative, a federal judge in Illinois said while certifying claims that the company violated Illinois law by collecting certain biometric data through its Alexa artificial intelligence system.

  • December 04, 2025

    Texas’ Challenge Of HIPAA Privacy Rules Dropped After Similar Suit Dismissed

    LUBBOCK, Texas — A Texas federal judge granted a joint motion by Texas and the U.S. Department of Health and Human Services to voluntarily dismiss the state’s challenge of two privacy rules that supplemented the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which the parties filed after a similar lawsuit resulted in a ruling against the U.S. government and in the dismissal of an appeal of that ruling by third parties.

  • December 03, 2025

    Judge Grants Arbitration, Stays Wiretap Class Action Against Toyota, Progressive

    SHERMAN, Texas — A federal judge in Texas on Dec. 2 granted Toyota Motor North America Inc.’s motion to compel arbitration and stay a class action alleging that Toyota, Progressive Casualty Insurance Co. and a provider of data analytics services in the automotive industry violated the Federal Wiretap Act and are responsible for injuries they inflicted on tens of thousands of class members because of their unauthorized collection and dissemination of private information from Toyota vehicles.

  • December 02, 2025

    Standing Is Focus Of High Court Argument In Suit Over Pregnancy Center Subpoena

    WASHINGTON, D.C. — The U.S. Supreme Court heard oral arguments on Dec. 2 in a dispute concerning the New Jersey attorney general’s subpoena for information including the identity of pregnancy center donors, with the petitioner contending that the center operator had standing to sue in federal court as soon as the subpoena was issued and the respondent countering that standing requirements are still unsatisfied.

  • December 02, 2025

    Minnesota High Court Told Hospital’s Disclosing Room Number Violated Records Act

    ST. PAUL, Minn. — In a respondent brief, a man asks the Minnesota Supreme Court to affirm an appeals court’s finding that a health system’s disclosure of his hospital room number and location violated the Minnesota Health Records Act (MHRA) because this information was connected with his receipt of health care from the hospital.

  • December 01, 2025

    Illinois Panel: No Extra Expense Coverage Owed For Loss Arising From Cyberattack

    CHICAGO — An Illinois appeals court panel held that a management company for multiple nursing care facilities is not entitled to recover the expenses it incurred following a cyberattack on one of its payroll vendors, affirming a lower court’s ruling in favor of an insurer in the management company’s declaratory judgment lawsuit.

  • November 26, 2025

    Judge Halts DOJ From Obtaining Minors’ Gender Dysphoria Treatment Info

    PHILADELPHIA — The U.S. Department of Justice will not be permitted to obtain the personal information of minors seeking treatment for gender-affirming care from a Philadelphia hospital, a Pennsylvania federal judge ruled, granting the hospital’s motion to limit a subpoena in which the DOJ sought information about certain drugs and treatments.

  • November 26, 2025

    Dismissal Of Lobsterman’s Constitutional Challenge To Maine Tracking Rule Upheld

    BOSTON — The First Circuit U.S. Court of Appeals affirmed a lower court’s dismissal of a Maine lobsterman’s Fourth Amendment challenge to a lobster vessel tracking rule, holding that commercial lobstering is a closely regulated industry and that the rule satisfies all three elements of the administrative search standard, finding that it advances a governmental interest in fishery conservation, relies on warrantless monitoring and provides a constitutionally adequate substitute for a warrant through notice and narrowly tailored data collection.

  • November 25, 2025

    DOJ Opposes Armed Robber’s Certiorari Petition Over Google Geofence Warrant

    WASHINGTON, D.C. — The U.S. Department of Justice filed a brief on behalf of the U.S. government on Nov. 24, opposing a petition for a writ of certiorari filed by a convicted bank robber, asserting that any mistakes that were potentially made in serving a geofence location-tracking warrant on Google LLC were outweighed by the good faith exception to the exclusionary rule of the Fourth Amendment to the U.S. Constitution under which the petitioner sought to exclude this evidence.

  • November 25, 2025

    Judge Stops IRS From Sharing Taxpayer Data With ICE For Immigration Enforcement

    WASHINGTON, D.C. — A nonprofit, a business association and two labor unions succeeded in preventing the Internal Revenue Service from sharing the addresses of immigrant taxpayers with Immigration and Customs Enforcement, when a District of Columbia federal judge granted their motion to stay the IRS’s new data-sharing policy, which the judge found to be unlawful under the Administrative Procedure Act (APA) and the Internal Revenue Code (IRC).

  • November 24, 2025

    Federal Judge Dismisses Cybercrime Coverage Suit After Parties Reach Settlement

    SEATTLE — Following a settlement that was announced in October, a federal judge in Washington dismissed with prejudice a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures.

  • November 21, 2025

    Wis. Appeals Court: Identity Theft Threat Doesn’t Create Data Breach Suit Standing

    WAUSAU, Wis. — Workers who filed a class complaint against their employer following a data breach alleged only a risk of future harm, which was insufficient to show standing for their negligence, breach of contract and other putative class claims, a Wisconsin appellate court ruled, affirming the trial court’s dismissal of the case.

  • November 21, 2025

    1st Circuit Rejects Insurer’s Appeal In Health Data Breach Dispute

    BOSTON — The First Circuit U.S. Court of Appeals on Nov. 20 affirmed a lower federal court’s summary judgment ruling in favor of a cybersecurity company in a lawsuit arising from a 2018 health data breach, rejecting an insurer’s argument that the lower court erred in denying it equitable indemnification from the cybersecurity company.

  • November 20, 2025

    $6.4M Data Breach Settlement With Medical Equipment Vendor Given Final Approval

    INDIANAPOLIS — An Indiana federal judge granted final approval and entered judgment in a data breach class action against a sleep apnea product supply company for a nonreversionary $6.38 million settlement that provides up to $2,000 per claimant and awards $1,699,212.44 in attorney fees, $39,897.57 in litigation expenses and $3,000 service awards to each of the 21 class representatives.

  • November 20, 2025

    $5M Class Deal In Geisinger Data Breach Case Wins Preliminary Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted conditional certification of an opt-out settlement class and preliminary approval of a $5 million deal with a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach.