Mealey's Data Privacy : Mealey's : Legal News & Analysis

Mealey's Data Privacy

February 20, 2025
5 Federal Workers’ Class Suit Alleges Info Access Is Largest Breach Since Watergate

WASHINGTON, D.C. — Federal officials’ decision to allow individuals from outside the U.S. government to access the “personal sensitive information” (PSI) of millions of federal workers “is the biggest breach of American trust by political actors since Watergate,” five federal employees allege in a class complaint filed in a federal court in the District of Columbia.
February 19, 2025
Media Tech Insurer, Financial Services Firm Settle Data Breach Coverage Dispute

SEATTLE — A media tech insurer that filed suit and its financial services firm insured filed a notice in a Washington federal court indicating they have settled the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.
February 18, 2025
Excess Insurer Appeals Ruling In BIPA Violation Coverage Dispute

CHICAGO — An excess insurer filed a notice indicating that it is appealing an Illinois federal court’s ruling granting in part and denying in part cross-motions for summary judgment in a franchisee of the Burger King chain’s breach of contract lawsuit seeking a declaration that the insurer has a duty to defend against an underlying putative class lawsuit alleging that the insured violated the Illinois Biometric Information Protection Act (BIPA).
February 18, 2025
TRO Denied In Federal Workers’ Privacy Suit Over OPM ‘Test’ Emails

WASHINGTON, D.C. — Federal workers suing under pseudonyms who accuse the Office of Personnel Management (OPM) of failing to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails the workers claim are being used to collect information on them failed to show “that they are likely to incur some irreparable injury” without a temporary restraining order (TRO), a federal judge in the District of Columbia ruled Feb. 17, denying a renewed TRO motion in the putative class case.
February 18, 2025
Class Action Alleges Allstate Collected, Sold Data Without Plaintiffs’ Consent

CHICAGO — A class action complaint filed in Illinois federal court alleges that The Allstate Corp. and its subsidiaries collected and sold the plaintiffs’ personal data and “‘trillions of miles’ worth of ‘driving behavior’” data without their consent.
February 18, 2025
Minor Surveilled In Hospital Had Reasonable Expectation Of Privacy, Judge Rules

SAN DIEGO — Finding that a hospital patient had a reasonable expectation to not be subjected to 24-hour surveillance in her hospital room, a California federal judge delivered a mixed-bag ruling to the hospital and other parties seeking dismissal of a complaint alleging privacy and civil rights violation, with many of the defendants being dismissed for failure to specify how they contributed to the claimed acts.
February 14, 2025
Class Complaint Alleges Computer Fraud, Privacy Violations By Musk, Agencies

WASHINGTON, D.C. — Six U.S. citizens filed a putative class complaint in District of Columbia federal court over purported privacy violations by the access to government systems and citizens’ personal data given to Elon Musk and the Department of Government Efficiency (DOGE).
February 14, 2025
9th Circuit Rejects Appeal Of $725 Million Facebook Data-Sharing Suit Settlement

SAN FRANCISCO — More than a year after a trial court approved the $725 million settlement of a consolidated class action over the 2015 sharing of Facebook users’ profiles with Cambridge Analytica, a Ninth Circuit U.S. Court of Appeals panel on Feb. 13 affirmed the approval over an appeal of the settlement and attorney fees amounts by two class members.
February 14, 2025
14 States Sue Musk, Trump Alleging DOGE Violates Appointments Clause

WASHINGTON, D.C. — Comparing Elon Musk’s recent actions, accessing of sensitive data from federal agencies’ computer systems, to “the abuses of an 18th century monarch,” a group of 14 U.S. states filed a complaint on Feb. 13 in a District of Columbia federal court, claiming that the free reign given to Musk and the U.S. Department of Government Efficiency (DOGE) violates the appointments clause of the U.S. Constitution.
February 13, 2025
Preliminary Approval Given To $95 Million Settlement Of Siri Eavesdropping Suit

OAKLAND, Calif. — A class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its digital assistant Siri moved closer to resolution, with a California federal judge granting preliminary approval to a proposed $95 million settlement of the 5-1/2-year-old lawsuit.
February 13, 2025
Labor Groups, Veterans Sue Federal Agencies Over DOGE Access To Private Info

GREENBELT, Md. — A group of four labor organizations and six individuals who served in the U.S. armed forces filed a complaint against three federal agencies in Maryland federal court, contending that the access to federal files and systems granted to the recently formed Department of Government Efficiency (DOGE), including “Elon Musk and a cadre of loyalists,” runs counter to the protections of the Privacy Act and violates the Administrative Procedure Act (APA).
February 12, 2025
Precious Metals Company Data Breach Class Claims Dismissed By Plaintiff

DALLAS — A putative class action plaintiff filed a notice of voluntary dismissal in Texas federal court of his lawsuit accusing a Texas-based precious metals refiner of violating California’s unfair competition law (UCL) and other consumer protection laws by failing to take cybersecurity measures to stop a data breach that allowed access to the personally identifiable information (PII) of himself and class members.
February 12, 2025
Fortra Data Breach MDL Judge OK’s 1 Settlement, Stays Case For Global Settlement

MIAMI — The Florida federal judge overseeing the multidistrict litigation over a 2023 software app data breach granted final approval to the settlement of one of the MDL’s tracks on Feb. 11, while staying proceedings for the remaining parties while details of an announced global settlement are finalized.
February 12, 2025
Group: DOGE Access Of OPM Treasury Data Is Largest ‘Data Breach In U.S. History’

ALEXANDRIA, Va. — In a complaint filed in Virginia federal court, the Electronic Privacy Information Center (EPIC) faults the U.S. Department of Personnel Management (OPM) and the Department of the Treasury for allowing “the unlawful misuse of critical data systems” by the newly formed Department of Government Efficiency (DOGE).
July 22, 2024
Claims Trimmed From Remanded Crypto Wallet Data Breach Suit

SAN FRANCISCO — A cryptocurrency wallet firm and two of its business partners saw their motions to dismiss a suit over a 2020 data breach partly granted, as a California federal judge found some claims to be preempted by a forum selection clause and others to be insufficiently pleaded.
February 12, 2025
Judge Dismisses Contractor, Allows Only UCL Claim In Crypto Wallet Data Breach Row

SAN FRANCISCO — A California federal judge granted a subcontractors’ motion to dismiss claims against it related to a crypto wallet data breach incident after finding the claims fall under a forum selection clause requiring exclusive jurisdiction in France despite it being a nonsignatory to the contract, but declined to dismiss the plaintiffs’ putative class claim accusing the French parent company of violating California’s unfair competition law (UCL).
February 11, 2025
Federal Worker Union Files 2 Complaints Over CFPB Halted Work, Data Access

WASHINGTON, D.C. — The National Treasury Employees Union (NTEU) filed two complaints in a federal court in the District of Columbia against the Consumer Financial Protection Bureau (CFPB) acting director, one seeking to halt the access to CFPB systems, including employee information, for members of the Department of Government Efficiency (DOGE) and one challenging the directive for CFPB employees to stop their supervision and enforcement work.
February 11, 2025
United States To High Court: Health Center Data Security Not ‘Related Function’

WASHINGTON, D.C. — The Fourth Circuit U.S. Court of Appeals correctly found that a federally funded community health center (CHC) is not entitled to immunity from a lawsuit over a data breach, the United States asserted in a brief opposing a South Carolina CHC’s petition for certiorari, because action taken to safeguard patients’ data is not a “related function” to its primary health care duties.
February 10, 2025
Trump, Treasury Oppose TRO Halting Expanded Access To Federal Funds Recipients’ Info

NEW YORK — President Donald J. Trump and the Treasury Department filed an emergency motion on Feb. 10 seeking to “dissolve, clarify, or modify” an ex parte temporary restraining order (TRO) that a New York federal judge issued in the wee hours of Feb. 8 that halts the implementation of a new policy that would expand access to the payment systems of the Treasury’s Bureau of Fiscal Services (BFS) from just the bureau’s employees to newly appointed special government employees (SGEs).
February 10, 2025
Class Suit Alleges 2 Genders-Only Passport Policy Violates U.S. Constitution

BOSTON — The removal of the option to designate “X” on passports for those individuals who do not identify as female or male or who wish to keep a specified gender off their passport in response to a Jan. 20 executive order (EO) violates the U.S. Constitution, seven U.S. citizens allege in a putative class complaint filed Feb. 7 in a federal court in Massachusetts.
February 10, 2025
TRO Request Denied In Suit Seeking To Halt DOGE’s Access To DOL’s Private Info

WASHINGTON, D.C. — A federal judge in the District of Columbia in a Feb. 7 memorandum opinion and order expressed “concerns” about the alleged access to nonpublic U.S. Department of Labor (DOL) information and data being provided to personnel from the newly formed Department of Government Efficiency (DOGE), but denied a motion for a temporary restraining order (TRO) filed by five unions and one nonprofit think tank for failure to establish standing.
February 10, 2025
TRO Ruling Deferred After Government Agrees Not To ID FBI Workers On Trump Cases

WASHINGTON, D.C. — The federal government will not publicly release the identities of Federal Bureau of Investigation workers involved in investigating two events involving President Donald J. Trump at least until after ruling is issued on anticipated motions for a preliminary injunction in two cases seeking to stop such disclosures, according to a consent decree signed by a federal judge in the District of Columbia on Feb. 7.
February 10, 2025
Judge Again Denies Data Analytics Firm’s Motion To Dismiss FTC Complaint

BOISE, Idaho — A data analytics company’s third motion to dismiss an unfair business practices complaint brought against it by the Federal Trade Commission recycled arguments already rejected in previous rulings, an Idaho federal court judge held, again finding that the commission sufficiently alleges substantial privacy and discrimination consumer harms from the collection and sale of their geolocation data.
February 10, 2025
Class Counsel Assigned In Consolidated Geisinger Health Data Theft Suit

WILLIAMSPORT, Pa. — A Pennsylvania federal judge concluded that the plaintiffs in a putative class action over a data theft incident experienced by Geisinger Health “would undoubtedly be well-served by either group of experienced and accomplished attorneys” proposed in competing motions to appoint class counsel; however, he selected the attorneys proposed by the plaintiff in the first-filed suit, finding them to be “best positioned to represent the interests of the class.”
February 07, 2025
5 Motions To Dismiss Bellwether Complaint Filed In MOVEit Data Breach MDL

BOSTON — The software company that designed the MOVEit file-transfer app filed a motion in Massachusetts federal court to dismiss the bellwether complaint in the massive multidistrict litigation over a 2023 ransomware attack that targeted the app, as did four of its clients, whose customers had their personal information exposed in the incident.