Mealey's Data Privacy
-
February 07, 2025
5 Motions To Dismiss Bellwether Complaint Filed In MOVEit Data Breach MDL
BOSTON — The software company that designed the MOVEit file-transfer app filed a motion in Massachusetts federal court to dismiss the bellwether complaint in the massive multidistrict litigation over a 2023 ransomware attack that targeted the app, as did four of its clients, whose customers had their personal information exposed in the incident.
-
August 02, 2024
Data Breach Class Suits Against Health Care Provider, IT Vendor Consolidated
SCRANTON, Pa. — A federal judge in Pennsylvania has consolidated nine putative class actions against Geisinger Health and its third-party information technology services vendor stemming from the Nov. 29 discovery that a former employee of the vendor had accessed and acquired the personally identifiable information (PII) and personal health information (PHI) of individuals who received health care from the provider.
-
February 06, 2025
6th Circuit Stands By No Coverage Ruling In Home Depot’s Suit Over Data Breach
CINCINNATI — The Sixth Circuit U.S. Court of Appeals on Feb. 5 denied Home Depot’s petition seeking a panel rehearing of a majority ruling that affirmed an Ohio federal court’s finding that a commercial general liability insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach.
-
February 06, 2025
Unions, Groups Allege DOGE Is Seizing Private Info While Dismantling Government
WASHINGTON, D.C. — Personnel from the newly formed Department of Government Efficiency (DOGE) have entered several federal agencies in the last two weeks, seized data, including “sensitive personnel data,” taken employment action against those who resist the efforts and started to transform or “fully dismantle” the agencies, five unions and one nonprofit think tank allege in a complaint filed in a federal court in the District of Columbia on Feb. 5, the same day the unions and group moved for a temporary restraining order to halt the seizure of data from the U.S. Department of Labor (DOL).
-
February 05, 2025
Privacy Suit Over Mental Health Site’s Data Sharing Mostly Survives Dismissal
PHOENIX — Two users of a mental health firm’s website adequately pleaded putative class claims for wiretapping, unfair competition and privacy over the site operator’s use of Meta Platforms Inc’s Pixel to collect and share users’ personal data, an Arizona federal judge ruled, mostly denying the operator’s dismissal motion.
-
February 05, 2025
CareFirst Data Breach Suit Settlement For Injunctive Relief Gets Initial OK
WASHINGTON, D.C. — A District of Columbia federal judge on Feb. 4 granted preliminary approval to a settlement of a decade-old putative class action over a health insurer’s 2014 data breach that offers only injunctive relief to class members.
-
February 05, 2025
FBI Workers Involved In Trump Cases File 2 Suits To Keep Identities Private
WASHINGTON, D.C. — Two complaints, one of which is a putative class action, and two motions for temporary restraining orders (TROs) were filed Feb. 4 by current and former employees of the Federal Bureau of Investigation and the Federal Bureau of Investigation Agents Association (FBIAA) in a federal court in the District of Columbia seeking to stop the publication or dissemination of a list allegedly being compiled of FBI employees who were involved in investigating two events involving President Donald J. Trump; the complaints allege that releasing the workers’ identifies will violate their privacy rights and put them at risk of retribution.
-
February 04, 2025
Home Depot Asks 6th Circuit To Rehear No Coverage Ruling In Data Breach Dispute
CINCINNATI — Home Depot filed a petition in the Sixth Circuit U.S. Court of Appeals seeking a panel rehearing of a majority ruling that affirmed an Ohio federal court’s finding that a commercial general liability insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach.
-
February 04, 2025
Florida Judge Gives Final OK To $6.8 Million Settlement Of Hospital Data Breach Row
TAMPA, Fla. — A $6.8 million settlement of class claims over a hospital’s 2023 data breach achieved final approval from a Florida judge on Feb. 3, with attorney fees, costs and service awards also getting the thumbs up.
-
February 04, 2025
Plastic Surgeon Allegedly Failed To Protect Patient Data And Nude Photos From Hackers
LOS ANGELES — Eight patients on Feb. 3 filed suit in California federal court accusing a plastic surgeon and his medical practice of violating California’s unfair competition law (UCL) and other laws by failing to protect their data or prevent a cyberattack by hackers who obtained data including nude photographs of patients, some of which the hackers have allegedly posted online.
-
February 04, 2025
2 Unions, Group Sue Treasury Department Over Elon Musk’s Alleged Privacy Intrusion
WASHINGTON, D.C. — Less than two weeks after the Jan. 20 inauguration, Elon Musk and/or other members of the newly formed “Department of Government Efficiency” (DOGE) were provided unfettered access U.S. Treasury Department records in violation of the Privacy Act of 1974 and the Internal Revenue Code, an advocacy group and two unions, each with members that are current or former federal employees, allege in a complaint filed Feb. 3 in a federal court in the District of Columbia.
-
February 04, 2025
8th Circuit Upholds Remand Of Putative Class Suit Alleging Sharing Of Health Info
ST. LOUIS — A trial court’s remand of a putative class suit accusing a health care company of violating Missouri law by sharing private health information with third parties was upheld by an Eighth Circuit U.S. Court of Appeals panel that opined that federal jurisdiction did not exist under the federal officer removal statute or the Class Action Fairness Act (CAFA).
-
February 04, 2025
Federal Government Employees File Privacy Class Suit Over OPM ‘Test’ Emails
WASHINGTON, D.C. — Two federal workers referred to only as Jane Does filed a class complaint in a federal court in the District of Columbia accusing the Office of Personnel Management (OPM) of failing to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails that the workers claim are being used to collect information on workers that is being sent to someone working for Elon Musk.
-
February 03, 2025
User Dismisses Class Suit Claiming LinkedIn Trained AI On Users’ Private Messages
SAN FRANCISCO — Less than two weeks after filing a putative class action in California federal court accusing LinkedIn of violating federal law and California’s unfair competition law (UCL) by accessing its premium users’ private messages to train artificial intelligence models without their consent, the plaintiff, a premium user of LinkedIn’s professional networking and social media site, filed a notice of voluntary dismissal without prejudice.
-
January 30, 2025
Kids’ Privacy Claims Over YouTube Data Collection Trimmed Further
SAN JOSE, Calif. — In the latest ruling in favor of Google LLC over its purported collection of personally identifiable information (PII) from minor users of YouTube, a California federal magistrate judge found that although a sixth amended complaint corrected a handful of the deficiencies identified in a previous dismissal ruling, the plaintiffs’ state law unjust enrichment claims and some of their consumer protection claims merited dismissal without leave to amend.
-
January 28, 2025
Video Game Player, Amazon Announce Settling Of BIPA Suit; Judge Stays Deadlines
SEATTLE — The same day that Amazon Web Services Inc. (AWS) and Amazon.com Inc. (Amazon, collectively) and a plaintiff announced the settlement of claims under Illinois’ Biometric Information Privacy Act (BIPA) related to a basketball video game, a Washington federal judge stayed proceedings in the putative class action while the settlement is finalized.
-
January 28, 2025
Indiana High Court: Discovery Of Smartphone Data Requires ‘Some’ Evidence Of Use
INDIANAPOLIS — Weighing the need for requested discovery from a smartphone in an auto accident lawsuit with the phone owner’s privacy rights, an Indiana Supreme Court majority established an analytical framework in which it held that the party requesting such discovery “must provide ‘some evidence’” of the smartphone’s use before a court can grant a corresponding discovery motion.
-
January 28, 2025
Judge OKs $1.07 Million Settlement Of Pharmacy Service Data Breach Class Action
BOSTON — A proposed $1,075,000 settlement of class action negligence and breach of fiduciary duty claims over a pharmacy service’s 2021 data breach received final approval from a Massachusetts federal judge, who found that the agreement satisfied the requirements of Federal Rule of Civil Procedure 23.
-
January 27, 2025
Supreme Court Won’t Consider Service Awards, Attorney Fees In Meta Privacy Suit
WASHINGTON, D.C. — An objector to the $90 million settlement of a multidistrict litigation over Meta Platforms Inc.’s purported online tracking of Facebook users saw his petition for certiorari denied Jan. 27, with the U.S. Supreme Court declining to take up his questions over the propriety of plaintiff service awards and attorney fees in the settlement.
-
January 27, 2025
Oklahoma Supreme Court: Litigant Can’t Subpoena An Expert’s Financial Records
OKLAHOMA CITY — Although a litigant may discover an expert witness’ compensation on a current lawsuit, the Oklahoma Supreme Court ruled that a party may not subpoena an expert to learn compensation on past cases for the purpose of uncovering potential bias, stating that there are other methods of discovering bias that do not invade a witness’s privacy.
-
January 23, 2025
Judge Gives Final OK To $2.2M Settlement Of Data Breach Suit Against Health Care Firm
ORLANDO, Fla. — A Florida federal judge granted final approval to a dual-fund settlement of a class complaint over a health care provider’s 2021 data breach, concluding that the $2.2 million total settlement, as well as an accompanying request for more than $424,000 in attorney fees, is reasonable.
-
January 23, 2025
LinkedIn Used Private Messages To Train Generative AI, User Claims
SAN FRANCISCO — A user of the professional networking and social media site LinkedIn filed a putative class action lawsuit in California federal court accusing the company that operates the site of violating federal law and California’s unfair competition law (UCL) by accessing Premium users’ private messages to train artificial intelligence models without their consent.
-
January 23, 2025
Former Meta COO Sanctioned Over Lost E-Mails In Fiduciary Breach Suit
WILMINGTON, Del. — A Delaware Court of Chancery vice chancellor granted in part a motion for sanctions filed by plaintiffs in a breach of fiduciary suit against Facebook Inc. (now known as Meta Platforms Inc.) CEO Mark Zuckerberg, former chief operating officer (COO) Sheryl Sandberg and specified board members and related parties over Meta’s alleged “deceptive” privacy settings resulting in sharing users information without their consent, finding that because Sandberg failed to preserve emails resulting in prejudice to the plaintiffs, the court will increase the burden of proof against her on any relevant issue.
-
January 23, 2025
State Privacy Claim Against LinkedIn Dismissed For Lack Of Jurisdiction
SAN JOSE, Calif. — Two weeks after dismissing a woman’s Driver’s Privacy Protection Act (DPPA) putative class claim against LinkedIn Corp. for the second time, a California federal judge dismissed her remaining state law claim over the online professional network operator’s purported data sharing for lack of jurisdiction under the Class Action Fairness Act (CAFA).
-
January 22, 2025
On Review, ECPA Claim Over Health Care Firm’s Tracking Deemed Properly Pleaded
RIVERSIDE, Calif. — Reversing his previous dismissal of an Electronic Communications Privacy Act (ECPA) claim against a health care provider, a California federal judge granted a patient’s reconsideration motion and found that she sufficiently alleged that the defendant acted with improper purpose by using Facebook pixels to purportedly gather and share her protected health information (PHI) with third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).