Newsletter RSS

Mealey's Data Privacy

  • October 23, 2025

    Consumer Files VPPA Petition As High Court Justices Mull Earlier VPPA Petitions

    WASHINGTON, D.C. — A California man filed a petition for a writ of certiorari in the U.S. Supreme Court asking the justices to decide the definition of “goods or services from a video tape service provider” in the Video Privacy Protection Act (VPPA) in a class case he filed against Paramount Global, doing business as 247Sports, over the release of his video viewing history to Facebook; the petition was filed as the justices continue to consider two other VPPA-related petitions, one of which was filed by the National Basketball Association (NBA) in a case brought by the same individual over a similar release of information to Facebook.

  • October 22, 2025

    Judge Grants Injunction, Remittitur In Meta Fraud Suit Against Spyware Firm

    OAKLAND, Calif. — A California federal judge granted a permanent injunction to WhatsApp Inc. (now known as WhatsApp LLC) and its parent company Facebook Inc. (now known as Meta Platforms Inc.) to prevent alleged continued violation of California computer fraud laws after a jury found that the defendant, an Israel-based manufacturer of spyware, violated one of those laws.

  • October 22, 2025

    Bank Of Canton’s $300,000 Settlement Approved In MOVEit Data Breach MDL

    BOSTON — A federal judge in Massachusetts on Oct. 21 granted final approval to a $300,000 class settlement to be paid by The Bank of Canton, ending claims against it related to a security incident due in part to a vulnerability in the MOVEit Transfer application; the settlement is one of several reached in the multidistrict litigation over a 2023 ransomware attack that affected users of the MOVEit file-transfer app.

  • October 22, 2025

    Judge Approves $600,000 Pharmacy Data Breach Class Settlement

    TACOMA, Wash. — A federal judge in Washington granted final approval to a $600,000 settlement in a data breach case involving a pharmacy and found the $198,000 request for attorney fees reasonable.

  • October 22, 2025

    United States, FCC Defend $57M Fine Against AT&T In High Court Petition

    WASHINGTON, D.C. — The Federal Communications Commission and United States urge the U.S. Supreme Court in a petition for a writ of certiorari to find that the FCC acted properly under federal law and the U.S. Constitution when it imposed a more than $57 million fine on a telecommunications company for improper handling of customers’ location data, writing that the case is distinguishable from SEC v. Jarkesy because the company had the option to challenge the fine in a jury trial.

  • October 21, 2025

    6th Circuit Holds In Abeyance Motions To File Briefs In FCC Data Rule Challenge

    CINCINNATI — A Sixth Circuit U.S. Court of Appeals panel held in abeyance motions to file amicus curiae briefs in support of a petition for rehearing of the court’s prior ruling denying internet provider trade associations’ consolidated petitions for review of a Federal Communications Commission rule requiring reporting by telecommunications carriers of data breaches involving personally identifiable information (PII).

  • October 21, 2025

    $1.9M Settlement Approved In Class Action Over Medical Patient Data Breach

    CLARKSVILLE, Ark. — An Arkansas judge granted final approval of a $1.9 million class settlement resolving claims that a health system failed to adequately protect patient information compromised in a March 2024 cybersecurity breach and awarded $665,000 in attorney fees and $22,055.26 in expenses to class counsel and $2,500 service awards for each of the 11 named plaintiffs.

  • October 17, 2025

    No Coverage Owed For BIPA Class Action Against Insured, Illinois Panel Affirms

    CHICAGO — An Illinois appeals panel concluded that an insurer has no duty to defend or indemnify its information technology services and consulting firm insured against an underlying putative class lawsuit brought under the Illinois Biometric Information Privacy Act (BIPA), affirming the lower court’s finding that the insured’s “wrongful acts” and “enterprise security events” were not covered because they occurred prior to the policy's retroactive date.

  • October 17, 2025

    3 Data Breach Class Actions Consolidated By Texas Federal Judge

    SHERMAN, Texas — A Texas federal judge has consolidated three putative class actions filed by employees or former employees of a janitorial service who claim that their personally identifiable information (PII) was stolen in a January data breach, finding that all three actions arise from a common set of alleged operative facts and that the plaintiffs assert overlapping claims and seek similar relief.

  • October 17, 2025

    2 Named Plaintiffs Have Standing To Pursue Claims Stemming From Data Breach

    RICHMOND, Va. — Two of four named plaintiffs in a consolidated class action stemming from a data breach incident have standing to pursue their claims against the insurance companies whose network was hacked because their allegation that their driver's license numbers were posted on the dark web after the breach constitutes a concrete injury, the Fourth Circuit U.S. Court of Appeals said in partially reversing a district court’s opinion dismissing the case.

  • October 16, 2025

    Motion To Compel Discovery Partly Granted In Software Data Sharing Class Dispute

    MINNEAPOLIS — A Minnesota federal magistrate judge on Oct. 15 granted in part a motion to compel discovery for production of documents and responses to interrogatories by a health care provider in a putative class suit filed by former and current patients alleging that the provider collected and shared patient medical data with third parties through use of pixel software developed by Meta Platform Inc., finding that the request for production related to social media use is “relevant to” the claims of the patients and the provider’s defenses.

  • October 15, 2025

    Va. Appeals Court Reverses, Remands Ruling Requiring Camera Data Search Warrant

    RICHMOND, Va. — The Virginia Court of Appeals on Oct. 14 reversed and remanded a lower court ruling that required police to obtain a search warrant before accessing surveillance camera data, holding that officers were not required to do so because the brief, noncontinuous capture of the appellee’s vehicle movements on public roads did not implicate a reasonable expectation of privacy under the Fourth Amendment.

  • October 15, 2025

    Respondent Urges U.S. High Court To Affirm That Subpoena Case Is Unripe

    WASHINGTON, D.C. — Filing an Oct. 14 merits brief in a case the U.S. Supreme Court has agreed to consider, New Jersey’s attorney general argues in part that the ruling the operator of pregnancy centers seeks would turn “every quotidian subpoena dispute into a federal case — a result not even the Federal Government can stomach, as it demands a bespoke exception for its own administrative subpoenas.”

  • October 14, 2025

    Judge Clarifies Partial Dismissal Of Data Sharing Claims Against LinkedIn

    SAN JOSE, Calif. — A California federal judge issued an amended order clarifying a prior order partially dismissing claims under the California Invasion of Privacy Act (CIPA) and dismissing one of four putative class complaints in its entirety regarding allegations that LinkedIn Corp. used a tracking pixel to intercept and share users’ personal data with third-party advertisers.

  • October 14, 2025

    Same Disposition In Firm’s CFAA Suit Against Ex-Workers After 3rd Circuit Rehearing

    PHILADELPHIA — After granting a petition for rehearing of a decision affirming that two former employees of a national debt-collection firm did not commit computer fraud, steal trade secrets or violate other state and federal laws through the creation and sharing of a spreadsheet containing passwords and protected login information, the Third Circuit U.S. Court of Appeals vacated the original opinion and issued an amended opinion but did not ultimately change the disposition of the appeal.

  • October 13, 2025

    Judge: Individuals Who Sued Over U.S. Centralized Database May Face Retaliation

    WASHINGTON, D.C. — A federal judge in the District of Columbia on Oct. 10 granted a sealed motion to proceed under pseudonyms filed by individuals who, along with several nonprofits, sued the federal government on behalf of a putative nationwide class seeking to enjoin the use of their personal data in a centralized database of Americans’ personal data; the judge ruled that the individuals “have demonstrated specific retaliation risks that far outweigh any prejudice to Defendants.”

  • October 13, 2025

    FBI Seeks High Court Review Of Ruling In State Secrets Surveillance Dispute

    WASHINGTON, D.C. — Arguing in a petition for a writ of certiorari that the Ninth Circuit U.S. Court of Appeals “adopted improper and wholly novel procedural requirements that essentially negate the [state secrets] privilege in myriad cases,” the Federal Bureau of Investigation urged the U.S. Supreme Court to again consider a case in which it previously reversed the Ninth Circuit; the ruling established a new procedure for courts to consider information covered by the state secrets privilege rather than simply excluding all such information from a lawsuit alleging improper surveillance of Muslims.

  • October 10, 2025

    Subscriber Says High Court Review Of NBA’s Petition In VPPA Suit May Be Complicated

    WASHINGTON, D.C. — A digital subscriber to the National Basketball Association’s website, nba.com, who claims that his video-watching history was disclosed without his consent in violation of the Video Privacy Protection Act (VPPA) filed a notice of appeal to the Second Circuit U.S. Court of Appeals following a New York federal judge’s dismissal of his second amended complaint and filed a supplemental brief in the U.S. Supreme Court, notifying the high court of the case developments and urging the high court to deny review of the NBA’s petition for writ of certiorari because the competing appeals may complicate the high court’s review.

  • October 10, 2025

    Partial Dismissal Granted In Data Breach Suit Against Chicago Children’s Hospital

    CHICAGO — A federal judge in Illinois partially granted a Chicago children’s hospital’s motion to dismiss a consolidated amended class complaint filed by patients and parents after nearly 800,000 patients’ personal and medical data was accessed by cybercriminals.

  • October 10, 2025

    $2.62M Settlement Over Debt Collection Company Data Breach Gets Final OK

    PHILADELPHIA — A federal judge in Pennsylvania has granted final approval of a $2,625,000 settlement in a consolidated class action over a 2023 data breach experienced by a national debt collection and accounts receivable management company, finding it “fair, reasonable, and adequate.”

  • October 08, 2025

    Valuation, Attorney Fee Issues Lead To Preliminary Denial Of Privacy Settlement

    PHOENIX — An Arizona federal judge denied preliminary approval of a proposed class settlement to resolve claims over a mental health provider’s alleged use of Meta’s Pixel to share patient data, holding that the agreement lacked evidence to establish its overall value and contained an attorney fee structure that was disproportionate to class recovery.

  • October 08, 2025

    Federal Judge Says Law Firm, Insurer Have Settled Cyber Crime Coverage Dispute

    SEATTLE — A federal judge in Washington reported that a settlement has been reached in a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures, striking the June 1, 2026, trial date and ordering that dismissal and settlement papers be submitted by Dec. 5.

  • October 06, 2025

    U.S. Supreme Court Won’t Decide Conflict On FERPA Interpretations

    WASHINGTON, D.C. — A school district’s petition for a writ of certiorari that asking U.S. Supreme Court justices to clear up conflicting court interpretations regarding enforcement of the Family Education Rights and Privacy Act of 1974 (FERPA) alongside state public records acts (PRAs) was denied by the high court on Oct. 6.

  • October 06, 2025

    Covert Recordings State Ban Won’t Be Considered By U.S. High Court

    WASHINGTON, D.C. — A petition for a writ of certiorari filed by a pair of nonprofit media organizations that oppose an Oregon statutory ban on most covert recordings was denied Oct. 6 by the U.S. Supreme Court.

  • October 06, 2025

    U.S. High Court Denies Debt Collection Firm’s Petition On Jurisdiction

    WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 6 denied a petition for a writ of certiorari filed by a debt collection firm seeking clarification on whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA).