Newsletter RSS

Mealey's Data Privacy

  • June 13, 2025

    Initial OK Given To $6.3M Settlement Of Apnea Supply Firm Data Breach Suit

    INDIANAPOLIS — Preliminarily approving an agreement providing more than $6.3 million to settle a class action over data breaches experienced by a sleep apnea supply firm, an Indiana federal judge held that the parties “will likely be able to certify and approve a settlement class under Federal Rule of Civil Procedure 23.”

  • June 12, 2025

    DOGE Enjoined From Further Access To OPM Records By Federal Judge

    NEW YORK — In a 99-page ruling, a New York federal judge granted a preliminary injunction motion filed by two labor unions and a group of federal employees to halt any further access of U.S. Office of Personnel Management (OPM) computer systems and records by U.S. Department of Government Efficiency (DOGE) agents, who have not been sufficiently vetted, credentialed or trained per the Privacy Act.

  • June 12, 2025

    Data Breach Class Action Against Biotech Firm Settles For $7.5 Million

    CENTRAL ISLIP, N.Y. — Four months after preliminarily approving a $7.5 million settlement of a consolidated class action over a 2023 data breach experienced by a biotech firm, a New York federal magistrate judge granted final approval to the settlement, which provides for up to $10,000 in out-of-pocket reimbursements for class members.

  • June 12, 2025

    Class Action Alleges Insurer Intentionally Disclosed Driver’s License Numbers

    NEW YORK — A class action complaint for violation of the Driver’s Privacy Protection Act (DPPA) was brought against Lemonade Inc. in a New York federal court on June 9, alleging that the insurer knowingly and intentionally obtained, used and disclosed class members’ driver’s license numbers and other personal information on its online quoting platform that was ultimately accessed by cybercriminals.

  • June 11, 2025

    Revised, Reduced Attorney Fees Award In CPK Data Breach Suit Approved

    SANTA ANA, Calif. — After an initial attorney fees award of $800,000 was rejected and remanded by the Ninth Circuit U.S. Court of Appeals in a consolidated class action over a data breach experienced by California Pizza Kitchen Inc. (CPK), a California federal judge on June 10 approved a revised fees and costs request, which reduces the original award by more than $500,000.

  • June 11, 2025

    Some Privacy Claims Over Google’s Collection Of Health Data May Proceed

    SAN FRANCISCO — A group of anonymous plaintiffs suing Google LLC over the alleged collection and sharing of users’ health-related data saw most of their privacy and related claims survive the tech company’s second dismissal motion, with a California federal judge finding that in the second amended consolidated complaint (SAC) the plaintiffs corrected defects that led to their previous complaint being completely dismissed.

  • June 10, 2025

    Magistrate Approves $7.25M Settlement Of Patreon Privacy Violation Claims

    SAN FRANCISCO — A California federal magistrate judge granted a motion for final approval of a $7.25 million settlement to resolve claims that Patreon Inc. illegally shared its users’ video-viewing data with social media company Meta Platforms Inc., including more than $2.1 million in attorney fees, and rejected as invalid more than 900 opt-outs filed on behalf of class members by a third-party “recovery company.”

  • June 10, 2025

    1 Plaintiff, 1 Claim Remain In Marsh & McLennan Data Breach Class Action

    NEW YORK — After two dismissal rulings, discovery, an appeal, a class representative substitution and choice-of-law disputes, a 4-year-old putative class action over a 2021 data breach experienced by Marsh & McLennan Cos. Inc. has just a single remaining claim for breach of implied contract in a second amended complaint (SAC) that was filed at the direction of a New York federal judge after the most recent ruling.

  • June 10, 2025

    Emotional Distress Claim Over Hacked Apple Account Again Survives Dismissal

    SAN JOSE, Calif. — A user of Apple Inc. devices and iCloud service sufficiently alleged that the company’s failure to rectify flaws in its recovery key reset process contributed to permitting hackers to gain access to his personal data and files, a California federal judge found, denying the tech company’s motion to dismiss a claim for intentional infliction of emotional distress.

  • June 09, 2025

    Split U.S. Supreme Court Resumes DOGE Access To SSA Records

    WASHINGTON, D.C. — A U.S. Supreme Court majority on June 6 concluded that the Social Security Administration (SSA) must again provide access to agency records to a Department of Government Efficiency (DOGE) SSA team, staying a preliminary injunction issued in April by a federal judge in Maryland.

  • June 06, 2025

    4th Circuit Again Decertifies Marriott Data Breach Classes Without Another Remand

    RICHMOND, Va. — Almost two years after it decertified several classes for claims against Marriott International Inc. and its information technology provider related to a massive data breach, a Fourth Circuit U.S. Court of Appeals panel again decertified the same classes, finding them to be barred under a class action waiver that was part of the hotel chain’s contract with customers.

  • June 05, 2025

    Mass. High Court: Police Review Of Indictee’s GPS Data Didn’t Violate Privacy

    BOSTON — Law enforcement’s use of GPS data, from a man being monitored pursuant to a pretrial release agreement, to connect him with a subsequent crime did not violate his constitutional rights, a unanimous Massachusetts Supreme Judicial Court held June 4, because the man had no expectation of privacy in the data collection to which he had consented.

  • June 05, 2025

    $525,000 Settlement Of Data Breach Suit Against Property Manager Gets Initial OK

    NEW ORLEANS — A proposed agreement that would settle putative class claims brought by a former tenant against a property manager over a 2021 data breach that he says exposed his personally identifiable information (PII) received preliminary approval from a Louisiana federal judge, who deemed the $525,000 settlement fund to be “within the range of what is reasonable.”

  • June 04, 2025

    Wiretapping, Data-Sharing Claims Against Eyewear Website Dismissed For Second Time

    DALLAS — Almost eight months after a Texas federal judge dismissed a putative class action alleging that an eyewear retailer’s website was sharing customers’ private health information (PHI) with Meta Platforms Inc., the judge dismissed an amended complaint, finding that the plaintiffs still failed to allege that any PHI, in the form of eyewear prescriptions, was among the data that was shared.

  • June 03, 2025

    Judge Limits Certain Expert Testimony In Data Collection Case Against Google

    SAN FRANCISCO — A California federal judge on June 2 ruled on competing motions to exclude expert testimony in a case against Google LLC over data collection, finding that certain testimony is inadmissible under Daubert v. Merrell Dow Pharmaceuticals Inc.

  • June 03, 2025

    Dismissal Of BIPA Suit Denied; Amendment Limiting Damages Is Not Retroactive

    CHICAGO — An August 2024 amendment to the Illinois Biometric Information Privacy Act (BIPA) that limits the amount of damages an individual may recover was a change rather than a clarification and was not retroactive, a federal judge in that state ruled, denying a motion to dismiss for lack of jurisdiction filed by the operators of medical facilities accused by employees of collecting and storing their information.

  • June 03, 2025

    IRS Opposes Bitcoin Owner’s Certiorari Bid Over Financial Records Summons

    WASHINGTON, D.C. — Touting its investigative powers, the Internal Revenue Service filed a brief in the U.S. Supreme Court, opposing a petition for certiorari from a man whose financial records were seized from a cryptocurrency exchange via a judicially issued summons, arguing that there was no violation of the Fourth Amendment to the U.S. Constitution because the petitioner had no reasonable expectation of privacy in the seized documents.

  • May 30, 2025

    Ex-Employees’ Claims Over Duty-Free Shops’ Data Breach Partly Survive Dismissal

    CENTRAL ISLIP, N.Y. — Negligence and breach of implied contracts brought by two former employees against the operators of airport duty-free shops may proceed, a New York federal judge ruled, while dismissing unjust enrichment and fiduciary duty claims related to a 2023 data breach.

  • May 30, 2025

    Judgment Partly Granted To Meta, App Maker In Ovulation App Privacy Class Action

    SAN FRANCISCO — A California federal judge delivered a mixed summary judgment ruling to Meta Platforms Inc. and Flo Health Inc., as he partly dismissed privacy and consumer protection claims in a class action over allegations that users’ personally identifiable information (PII) was shared when they used the Flo Period & Ovulation Tracker app.

  • May 29, 2025

    Judge Modifies, But Won’t Dissolve, Injunction Over DOGE Access To Treasury Data

    NEW YORK — A preliminary injunction that originally prevented the U.S. Department of the Treasury from granting access to its data and payment systems to anyone affiliated with the U.S. Department of Government Efficiency (DOGE) was modified by a New York federal judge to permit access to DOGE team members who have been properly vetted and trained and to specifically grant access to four DOGE team members who have satisfied these conditions.

  • May 29, 2025

    Ex-Employee’s Beef With Meatpacker’s Data Breach Response Sent To Arbitration

    SAVANNAH, Ga. — Finding a beef producer’s arbitration agreement to be binding on a former employee that sued the company over a 2024 data breach, a Georgia federal judge directed the plaintiff to submit her putative negligence and breach of contract class claims to an arbitrator.

  • May 29, 2025

    Final OK Given To $3.25 Million Settlement Of Class Action Over USAA Data Breach

    WHITE PLAINS, N.Y. — An almost 4-year-old suit over a 2021 data breach experienced by United Services Automobile Association (USAA) was resolved when a New York federal judge approved a $3.25 million settlement between the insurance company and a lone lead plaintiff, disposing of claims including negligence and violation of the Driver’s Privacy Protection Act (DPPA).

  • May 28, 2025

    Judge Dismisses Trump, Not Musk Or DOGE, From States’ Appointments Clause Suit

    WASHINGTON, D.C. — Granting in part a motion to dismiss filed by President Donald J. Trump, Elon Musk and the U.S. Department of Government Efficiency (DOGE), a District of Columbia federal judge on May 27 dismissed appointments clause and ultra vires claims against the president because the court was not permitted to issue an injunction against the president related to his official duties.

  • May 28, 2025

    7th Circuit Refuses To Reconsider Ruling In Coverage Dispute Over BIPA Violations

    CHICAGO —The Seventh Circuit U.S. Court of Appeals declined a commercial liability insurer’s invitation to reconsider its opinion that vacated and remanded a lower court’s ruling in favor of the insurer in its lawsuit disputing coverage for an underlying putative class action alleging that a food ingredient manufacturer insured violated the Illinois Biometric Information Privacy Act (BIPA).

  • May 28, 2025

    Golden Corral, Employees Settle Data Breach Class Action For $1.85 Million

    RALEIGH, N.C. — A $1.85 million settlement of class claims over a 2013 data breach experienced by Golden Corral Corp. received final approval from a North Carolina federal judge, who deemed the restaurant chain’s agreement with a class of employees whose personally identifiable information (PII) was compromised in the breach to be “fair, reasonable, adequate, and in the best interests of the” class.