Mealey's Data Privacy
-
November 22, 2024
Federal Judge: Illinois Act Placing Limits On BIPA Recovery Applies Retroactively
CHICAGO — An August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that placed limits on an individual’s recovery for certain data release violations applies retroactively, a federal judge in Illinois ruled, dismissing for lack of subject matter jurisdiction an employee’s complaint against his employer.
-
November 22, 2024
Judge Strikes Insurer’s Counterclaim Against Burger King Franchisee As Redundant
CHICAGO — A federal judge in Illinois granted a franchisee of the Burger King chain’s motion to strike an excess insurer’s declaratory judgment counterclaim in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA), finding that the counterclaim is redundant and “serves no useful purpose.”
-
November 22, 2024
U.S. High Court: Data-Sharing Incident Disclosure Petition Improvidently Granted
WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 22 “dismissed as improvidently granted” a petition for a writ of certiorari filed by Meta Platforms Inc. (formerly Facebook Inc.) and the company’s senior executives after the Ninth Circuit U.S. Court of Appeals held that the company issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred; the one-page per curiam opinion was filed a little over two weeks after the justices heard oral arguments.
-
November 22, 2024
California Appeals Panel Finds Tech Firm’s Claims Over Ransomware Attack Untimely
SAN JOSE, Calif. — A trial court properly dismissed a cloud solutions firm’s amended contractual cross-claims over its client’s ransomware attack as barred by the statute of limitations, a California appeals panel ruled, finding that the company’s decision to originally name its client’s insurer and subrogee as cross-defendant was intentional and not a mistake.
-
September 17, 2024
23andMe Asks MDL Judge To Approve $30M Data Breach Settlement
SAN FRANCISCO — Genetic data company 23andMe Inc. filed a brief urging the U.S. District Court for the Northern District of California to grant preliminary approval to a $30 million settlement to resolve claims in a multidistrict litigation brought by plaintiffs whose genetic data on 23andMe’s website was hacked and offered for sale online and asking the court to enjoin separate litigation and arbitrations brought against it for the breach that it says could “jeopardize . . . the Settlement.”
-
November 21, 2024
Some 23andMe Users Seek Arbitration, Not Class Action, For Data Breach Claims
SAN FRANCISCO — In a brief filed in California federal court, several users of 23andMe Inc.’s website defend their right to pursue arbitration against the company for the theft of their genetic information by hackers, arguing that their decision to arbitrate defeats any typicality of claims between them and class members in a multidistrict litigation (MDL) over the theft and makes preliminary approval of a settlement of the MDL inappropriate.
-
November 21, 2024
Texas Judge OKs Settlement Reimbursing University Data Breach Victims’ Losses
SAN ANTONIO — An agreement in which a university agrees to reimburse ordinary and extraordinary losses that class members suffered due to a 2022 data breach was deemed “fair, reasonable, and adequate” by a Texas judge as he granted final approval to the settlement of negligence and privacy class claims over the incident.
-
November 20, 2024
Final Approval Given To $115 Million Settlement Of Oracle Data Collection Suit
SAN FRANCISCO — A $115 million settlement of privacy class claims over data collection and brokerage activities conducted by Oracle America Inc. was found to provide “substantial benefits” to the class by a California federal judge, who granted final approval of the settlement over 28 objections received by class members.
-
November 20, 2024
Data Brokers Settle With Calif. Privacy Agency For Not Complying With ‘Delete Act’
SACRAMENTO, Calif. — The California Privacy Protection Agency (CPPA) announced its first two settlements with data brokers that did not comply with the requirements of the newly enacted law known as “The Delete Act.”
-
November 19, 2024
$65 Million Data Breach Settlement By Pennsylvania Health Provider Given Final OK
SCRANTON, Pa. — A Pennsylvania judge granted final approval of a $65 million settlement to be paid by Lehigh Valley Health Network Inc. (LVHN) to end a class complaint alleging that a February 2023 data breach resulted in the disclosure of personal information and medical records, including nude photographs.
-
November 19, 2024
2 Claims Over Hospitals’ Data Sharing Dismissed; 4 Claims Survive
PORTLAND, Ore. — A woman’s claims over a hospital chain’s purported sharing of her protected health information (PHI) were partly dismissed, with an Oregon federal judge finding claims for breach of implied contract and intrusion upon seclusion not sufficiently alleged, while giving the green light to four other putative class claims related to such data being allegedly shared with Meta Platforms Inc. and Google Inc.
-
November 19, 2024
Federal Class Action Complaint Accuses Auto Insurer, Law Firm Of Barratry
HOUSTON — Insureds filed a class action complaint in a Texas federal court against an automobile insurer and a law firm alleging that they committed barratry, conspiracy and statutory violations by illegally sharing the personal information of car accident victims for solicitation.
-
November 18, 2024
Panel Reverses Dismissal Of State’s Data Breach UCL Claim, Citing Discovery Rule
SAN DIEGO — A California appellate panel addressing a question of first impression on Nov. 15 reversed a trial court’s ruling in favor of Experian Data Corp. barring claims brought by the San Diego District Attorney’s Office accusing Experian of violating California’s unfair competition law (UCL) by failing to protect more than 400,000 California customers whose data was hacked, writing that the state adequately alleged that its UCL claim accrued within the statute of limitations period.
-
November 18, 2024
Service Awards, Attorney Fees At Issue In Meta Privacy Suit Certiorari Petition
WASHINGTON, D.C. — Meta Platforms Inc. (formerly Facebook Inc.) and a group of Facebook users who sued over the social network’s tracking of their online activity were both given additional time by the U.S. Supreme Court to respond to a petition for certiorari by a class member who objects to awards for attorney fees and class representative service awards that were part of a $90 million settlement of the privacy class action.
-
November 14, 2024
Class, Wawa Ask 3rd Circuit To Affirm Attorney Fees Award In Data Breach Suit
PHILADELPHIA — Wawa Inc. and a group of consumers who sued it over a 2019 data breach filed briefs with the Third Circuit U.S. Court of Appeals defending a $3 million attorney fees award that is part of a $9 million class action settlement agreement, asserting that the award was not the product of collusion and satisfies Federal Rule of Civil Procedure 23 and asking the court to affirm the award and to reject objections a class member raises on his second appeal of the matter.
-
November 14, 2024
Ovulation App Privacy Claims Against Analytics Firm Stayed Pending Settlement
SAN FRANCISCO — Putative class privacy claims against an analytics firm related to purported data sharing via the Flo Period & Ovulation Tracker app were stayed by a California federal judge, who granted a joint motion by the company and a group of the app’s users after they jointly announced a settlement of the claims.
-
November 13, 2024
Law Firm’s $8M Global Data Breach Settlement Granted Final Approval
SAN FRANCISCO — An $8 million global class settlement to be paid by a law firm after its network was breached and the personally identifiable information (PII) of more than 630,000 individuals was potentially accessed was granted final approval on Nov. 12 by a federal judge in California.
-
November 12, 2024
Law Firm’s $8M Data Breach Settlement Tentatively Approved; Fees Reviewed
SAN FRANCISCO — A federal judge in California issued a tentative ruling approving an $8 million class global settlement to be paid by a law firm after its network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed but questioned the specifics of the settlement terms and indicated that attorney fees were still being reviewed, according to civil minutes.
-
November 11, 2024
Plaintiffs, Law Firm Seek Initial Approval Of $8.5M Data Breach Suit Settlement
WEST PALM BEACH, Fla. — A former client and a former employee of a law firm filed a motion for preliminary approval of an $8.5 million settlement of their putative class claims over a 2022 data breach experienced by the firm, telling a Florida federal court that the proposed agreement provides for such remedies as credit monitoring and identity theft protection, in addition to monetary claims.
-
November 11, 2024
Converse Website User Asks 9th Circuit To Find Wiretap Law Applies To Internet
SAN FRANCISCO — A California woman who claimed wiretap and privacy violations related to the customer chat feature on Converse Inc.’s website asks the Ninth Circuit U.S. Court of Appeals to reinstate her putative class action, arguing that a trial court improperly disregarded her evidence that a third-party vendor intercepted and read chat communications in violation of the California Invasion of Privacy Act (CIPA).
-
November 08, 2024
Tentative Settlement Announced In CareFirst Data Breach Class Action
WASHINGTON, D.C. — Eight days after a group of policyholders whose personally identifiable information (PII) was exposed in a data breach experienced by their insurer was denied the opportunity to appeal a class certification ruling, the plaintiffs and the insurer informed a District of Columbia federal court that a tentative settlement of the nine-year-old suit had been reached.
-
November 08, 2024
Insurers Dispute Coverage For BIPA Violation Class Action Against Taco Bell Owners
NEW ORLEANS — Commercial general liability and umbrella insurers filed a complaint in an Illinois federal court seeking a declaratory judgment that they have no duty to defend and indemnify against an underlying class action lawsuit alleging that the owners and operators of Taco Bell restaurants in Illinois violated the state’s Biometric Information Privacy Act (BIPA).
-
November 07, 2024
9th Circuit Affirms Dismissal Of Saudi Dissident’s Suit Over Twitter Info Theft
SAN FRANCISCO — Almost a year after hearing oral argument, a Ninth Circuit U.S. Court of Appeals panel majority on Nov. 6 upheld a trial court’s dismissal of a political dissident’s negligence claims against Twitter Inc., finding that his assertion that the social network operator was liable for the theft and sharing of his personal information by two employees, which endangered him and his family, was barred by the statute of limitations.
-
November 07, 2024
Justices Question Facebook, Investors Over Disclosing Data-Sharing Incident
WASHINGTON, D.C. — In oral arguments held Nov. 6 in the U.S. Supreme Court, attorneys for Facebook Inc. (now known as Meta Platforms Inc.) and a group of its investors fielded queries about whether Facebook’s failure to disclose its past sharing of users’ data with a third-party analytics firm in risk statements constituted securities fraud because the incident amounted to a risk of future harm.
-
November 06, 2024
Winning Firm In Data Breach Arbitration Waives Response To Res Judicata Cert Petition
WASHINGTON, D.C. — A company that experienced a 2019 data breach, which led to a canceled business agreement, a trade secret lawsuit and an arbitration in which it prevailed, waived its right to respond to a petition for certiorari in which its former client asks the U.S. Supreme Court to weigh in on when a court should decide the preclusive effect of a judgment on a related arbitration.