Mealey's Data Privacy
-
November 20, 2024
Final Approval Given To $115 Million Settlement Of Oracle Data Collection Suit
SAN FRANCISCO — A $115 million settlement of privacy class claims over data collection and brokerage activities conducted by Oracle America Inc. was found to provide “substantial benefits” to the class by a California federal judge, who granted final approval of the settlement over 28 objections received by class members.
-
November 20, 2024
Data Brokers Settle With Calif. Privacy Agency For Not Complying With ‘Delete Act’
SACRAMENTO, Calif. — The California Privacy Protection Agency (CPPA) announced its first two settlements with data brokers that did not comply with the requirements of the newly enacted law known as “The Delete Act.”
-
November 19, 2024
$65 Million Data Breach Settlement By Pennsylvania Health Provider Given Final OK
SCRANTON, Pa. — A Pennsylvania judge granted final approval of a $65 million settlement to be paid by Lehigh Valley Health Network Inc. (LVHN) to end a class complaint alleging that a February 2023 data breach resulted in the disclosure of personal information and medical records, including nude photographs.
-
November 19, 2024
2 Claims Over Hospitals’ Data Sharing Dismissed; 4 Claims Survive
PORTLAND, Ore. — A woman’s claims over a hospital chain’s purported sharing of her protected health information (PHI) were partly dismissed, with an Oregon federal judge finding claims for breach of implied contract and intrusion upon seclusion not sufficiently alleged, while giving the green light to four other putative class claims related to such data being allegedly shared with Meta Platforms Inc. and Google Inc.
-
November 19, 2024
Federal Class Action Complaint Accuses Auto Insurer, Law Firm Of Barratry
HOUSTON — Insureds filed a class action complaint in a Texas federal court against an automobile insurer and a law firm alleging that they committed barratry, conspiracy and statutory violations by illegally sharing the personal information of car accident victims for solicitation.
-
November 18, 2024
Panel Reverses Dismissal Of State’s Data Breach UCL Claim, Citing Discovery Rule
SAN DIEGO — A California appellate panel addressing a question of first impression on Nov. 15 reversed a trial court’s ruling in favor of Experian Data Corp. barring claims brought by the San Diego District Attorney’s Office accusing Experian of violating California’s unfair competition law (UCL) by failing to protect more than 400,000 California customers whose data was hacked, writing that the state adequately alleged that its UCL claim accrued within the statute of limitations period.
-
November 18, 2024
Service Awards, Attorney Fees At Issue In Meta Privacy Suit Certiorari Petition
WASHINGTON, D.C. — Meta Platforms Inc. (formerly Facebook Inc.) and a group of Facebook users who sued over the social network’s tracking of their online activity were both given additional time by the U.S. Supreme Court to respond to a petition for certiorari by a class member who objects to awards for attorney fees and class representative service awards that were part of a $90 million settlement of the privacy class action.
-
November 14, 2024
Class, Wawa Ask 3rd Circuit To Affirm Attorney Fees Award In Data Breach Suit
PHILADELPHIA — Wawa Inc. and a group of consumers who sued it over a 2019 data breach filed briefs with the Third Circuit U.S. Court of Appeals defending a $3 million attorney fees award that is part of a $9 million class action settlement agreement, asserting that the award was not the product of collusion and satisfies Federal Rule of Civil Procedure 23 and asking the court to affirm the award and to reject objections a class member raises on his second appeal of the matter.
-
November 14, 2024
Ovulation App Privacy Claims Against Analytics Firm Stayed Pending Settlement
SAN FRANCISCO — Putative class privacy claims against an analytics firm related to purported data sharing via the Flo Period & Ovulation Tracker app were stayed by a California federal judge, who granted a joint motion by the company and a group of the app’s users after they jointly announced a settlement of the claims.
-
November 13, 2024
Law Firm’s $8M Global Data Breach Settlement Granted Final Approval
SAN FRANCISCO — An $8 million global class settlement to be paid by a law firm after its network was breached and the personally identifiable information (PII) of more than 630,000 individuals was potentially accessed was granted final approval on Nov. 12 by a federal judge in California.
-
November 12, 2024
Law Firm’s $8M Data Breach Settlement Tentatively Approved; Fees Reviewed
SAN FRANCISCO — A federal judge in California issued a tentative ruling approving an $8 million class global settlement to be paid by a law firm after its network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed but questioned the specifics of the settlement terms and indicated that attorney fees were still being reviewed, according to civil minutes.
-
November 11, 2024
Plaintiffs, Law Firm Seek Initial Approval Of $8.5M Data Breach Suit Settlement
WEST PALM BEACH, Fla. — A former client and a former employee of a law firm filed a motion for preliminary approval of an $8.5 million settlement of their putative class claims over a 2022 data breach experienced by the firm, telling a Florida federal court that the proposed agreement provides for such remedies as credit monitoring and identity theft protection, in addition to monetary claims.
-
November 11, 2024
Converse Website User Asks 9th Circuit To Find Wiretap Law Applies To Internet
SAN FRANCISCO — A California woman who claimed wiretap and privacy violations related to the customer chat feature on Converse Inc.’s website asks the Ninth Circuit U.S. Court of Appeals to reinstate her putative class action, arguing that a trial court improperly disregarded her evidence that a third-party vendor intercepted and read chat communications in violation of the California Invasion of Privacy Act (CIPA).
-
November 08, 2024
Tentative Settlement Announced In CareFirst Data Breach Class Action
WASHINGTON, D.C. — Eight days after a group of policyholders whose personally identifiable information (PII) was exposed in a data breach experienced by their insurer was denied the opportunity to appeal a class certification ruling, the plaintiffs and the insurer informed a District of Columbia federal court that a tentative settlement of the nine-year-old suit had been reached.
-
November 08, 2024
Insurers Dispute Coverage For BIPA Violation Class Action Against Taco Bell Owners
NEW ORLEANS — Commercial general liability and umbrella insurers filed a complaint in an Illinois federal court seeking a declaratory judgment that they have no duty to defend and indemnify against an underlying class action lawsuit alleging that the owners and operators of Taco Bell restaurants in Illinois violated the state’s Biometric Information Privacy Act (BIPA).
-
November 07, 2024
9th Circuit Affirms Dismissal Of Saudi Dissident’s Suit Over Twitter Info Theft
SAN FRANCISCO — Almost a year after hearing oral argument, a Ninth Circuit U.S. Court of Appeals panel majority on Nov. 6 upheld a trial court’s dismissal of a political dissident’s negligence claims against Twitter Inc., finding that his assertion that the social network operator was liable for the theft and sharing of his personal information by two employees, which endangered him and his family, was barred by the statute of limitations.
-
November 07, 2024
Justices Question Facebook, Investors Over Disclosing Data-Sharing Incident
WASHINGTON, D.C. — In oral arguments held Nov. 6 in the U.S. Supreme Court, attorneys for Facebook Inc. (now known as Meta Platforms Inc.) and a group of its investors fielded queries about whether Facebook’s failure to disclose its past sharing of users’ data with a third-party analytics firm in risk statements constituted securities fraud because the incident amounted to a risk of future harm.
-
November 06, 2024
Winning Firm In Data Breach Arbitration Waives Response To Res Judicata Cert Petition
WASHINGTON, D.C. — A company that experienced a 2019 data breach, which led to a canceled business agreement, a trade secret lawsuit and an arbitration in which it prevailed, waived its right to respond to a petition for certiorari in which its former client asks the U.S. Supreme Court to weigh in on when a court should decide the preclusive effect of a judgment on a related arbitration.
-
November 04, 2024
Supreme Court Won’t Hear Suit Over Privacy Of Nevada Family Court Records
WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 4 declined to review a case in which a father involved in a custody dispute challenged a ruling in which a divided Nevada Supreme Court declared state laws to be unconstitutional because they presumptively sealed child custody court proceedings.
-
November 04, 2024
LinkedIn Seeks Dismissal Of Wiretap, Privacy Claims In California Court
SAN JOSE, Calif. — In the first of at least five lawsuits accusing LinkedIn Corp. of privacy violations related to its use of tracking pixels on advertisers’ websites, the professional network operator filed a motion in California federal court to dismiss the putative class action, calling it an attempt “to attack routine website analytics tools as a criminal wiretap.”
-
November 01, 2024
Applying Texas Law To Biometric Privacy Suit, Judge Dismisses Illinois Law Claims
DALLAS — Finding a Texas forum selection clause on Match Group Inc.’s websites to be valid, a Texas federal judge granted the company’s motion to dismiss putative class claims against it under the Illinois Biometric Information Privacy Act (BIPA), ruling that they failed as a matter of law.
-
October 31, 2024
Negligence Claim Against Software Firm After Data Breach Dismissed Again
SAN JOSE, Calif. — The creator of a file transfer program failed to establish that the facts alleged about a negligence claim in an amended class complaint were sufficiently different from the original complaint to merit dismissal of the claim that was previously dismissed, a California federal judge ruled, denying the software firm’s renewed dismissal motion in a lawsuit over a 2020 data breach.
-
October 31, 2024
Privacy Claims Against YETI Did Not Establish Derivative Liability, Judge Finds
SAN FRANCISCO — A customer of YETI Coolers LLC failed to show that the company was aware that its payment processing partner was improperly retaining and using consumers’ personally identifiable information (PII) or intentionally participated in these actions, a California federal judge found, granting YETI’s motion to dismiss putative class claims against it for invasion of privacy.
-
October 31, 2024
Insureds Can’t Appeal Ruling Limiting Class Damages In Data Breach Suit
WASHINGTON, D.C. — A group of policyholders who are the plaintiffs in a nine-year-old lawsuit over a 2015 data breach experienced by their insurer were denied the right to pursue an interlocutory appeal of a ruling that curtailed their ability to seek mitigation damages related to the theft of their personally identifiable information (PII), with the District of Columbia Circuit U.S. Court of Appeals deeming the damages issue not appealable because it “does not relate to class certification for purposes of” Federal Rule of Civil Procedure 23(f).
-
September 16, 2024
Reconsideration Denied On Issue Of Mitigation Costs In Plaintiffs’ Data Breach Suit
WASHINGTON, D.C. — A District of Columbia federal judge denied a motion for reconsideration and motion for leave to file an interlocutory appeal filed by plaintiff policyholders whose personally identifiable information (PII) was stolen in a 2014 data breach because the finding that mitigation costs are not recoverable in a breach of contract action under District of Columbia law has been the law of the case since 2019.