Newsletter RSS

Mealey's Data Privacy

  • April 11, 2025

    Appeals Court Revives 2 BIPA Suits Over Nursing Homes’ Biometric Timeclocks

    MT. VERNON, Ill. — In a pair of almost identical unpublished opinions, a Fifth District Appellate Court of Illinois panel reversed a trial court’s dismissal of two putative class actions by former employees alleging violations of the Illinois Biometric Information Privacy Act (BIPA) via nursing facilities’ use of biometric timeclocks.

  • April 11, 2025

    Prevailing Parties In Data Supply Agreement Row Get Almost $2.2M In Attorney Fees

    NEW YORK — Two marketing firms, which obtained a favorable summary judgment ruling over breach of contract and related claims by a data broker, were prevailing parties, a New York federal judge ruled, mostly granting their motion for attorney fees while declining to defer the ruling pending resolution of the plaintiff’s appeal.

  • April 11, 2025

    Consolidated Suit Over Medical Device Firm’s Data Breach Partly Dismissed

    BOSTON — A Massachusetts federal judge partly granted a medical device manufacturer’s motion to dismiss putative class claims against it stemming from a data breach, disposing of a fiduciary duty claim and several state law consumer protection claims, while largely allowing negligence, unjust enrichment and implied contract claims to proceed.

  • April 11, 2025

    Illinois Genetic Privacy Act Does Not Apply To Life Insurance, Judge Rules

    EAST ST. LOUIS, Ill. — The Illinois Genetic Privacy Act (GIPA) “does not apply to the underwriting practices concerning life insurance policies,” an Illinois federal judge found, granting an insurer’s motion to dismiss a putative class claim under GIPA brought against it by a woman who claimed that she was denied a life insurance policy based on information she provided about her family’s medical history.

  • April 10, 2025

    University Sued Over Lax Data Security, Delay In Breach Notification

    CHATTANOOGA, Tenn. — A university that took more than a year to notify affected individuals that their personally identifiable information (PII) was compromised in a data breach was hit with a putative class complaint in Tennessee federal court, with a prospective student alleging negligence and invasion of privacy.

  • April 09, 2025

    7th Circuit Revives MeTV VPPA Suit, Finds Website Users Are ‘Subscribers’

    CHICAGO — Reversing a trial court’s dismissal of a Video Privacy Protection Act (VPPA) putative class claim over the operator of MeTV sharing website users’ online viewing histories with Facebook, a Seventh Circuit U.S. Court of Appeals panel concluded that the plaintiffs qualify as “subscribers” or “consumers” under the act because they provided something of value — their personally identifiable information (PII) — in exchange for a subscription to the website.

  • April 09, 2025

    Harriet Carter Website User Had ‘Constructive Notice’ Of Interception, Judge Rules

    PITTSBURGH — Even though a consumer opted not to review the privacy statement on Harriet Carter Gifts Inc.’s website, a Pennsylvania federal judge found that she gave her implied consent to a third party’s interception of her communications because the practice was fully disclosed in the statement.

  • April 08, 2025

    Judge: Insurers Fail To Allege Subrogation Claims In Suit Over Ransomware Attack

    WILMINGTON, Del. — A Delaware judge granted an application service provider’s motion to dismiss with prejudice insurers’ amended complaints because the insurers failed to properly assert subrogation claims seeking recovery from the provider for the amount paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack.

  • April 08, 2025

    Unions’, Employees’ Privacy Act, APA Suit Over DOGE’s OPM Access To Proceed

    NEW YORK — Claims brought against the U.S. Office of Personnel Management (OPM) by two labor unions and three individual federal employees over the agency’s grant of access to private personnel records to the U.S. Department of Government Efficiency (DOGE) largely survived a motion to dismiss, with a New York federal judge finding that the plaintiffs sufficiently pleaded their claims under the Privacy Act of 1974 and the Administrative Procedure Act (APA).

  • April 07, 2025

    1 Settlement OK’d In MOVEit Data Breach MDL; Attorney Fees Sought In Another

    BOSTON — The day after a Massachusetts federal judge granted final approval to a $2.8 million settlement with a health care billing firm that is one of the defendants in a multidistrict litigation over a 2023 ransomware attack that affected users of the MOVEit file-transfer app, the lead defendant in another component suit in the MDL, which had a $9.95 million settlement preliminarily approved in September, on April 4 filed a motion for attorney fees.

  • April 07, 2025

    3 Suits Over ‘Integrity Of Elections’ Executive Order Consolidated In D.C. Court

    WASHINGTON, D.C. — Three lawsuits filed in the wake of President Donald J. Trump’s executive order (EO) on “Preserving and Protecting the Integrity of American Elections” were consolidated in District of Columbia federal court, with a judge finding that there are “extensive common questions of law and fact” among the three cases.

  • April 04, 2025

    6th Circuit Finds Online Newsletter Subscriber Wasn’t A ‘Consumer’ Under VPPA

    CINCINNATI — Affirming a trial court’s ruling on April 3, a Sixth Circuit U.S. Court of Appeals panel majority found that a man’s suit over a sports website’s purported sharing of his video viewing history merited dismissal because he did not qualify as a “consumer” under the Video Privacy Protection Act (VPPA).

  • April 04, 2025

    Judge Approves $15 Million Settlement Of Cash App Data Breach Class Action

    SAN FRANCISCO — Almost 10 months after a California federal judge preliminarily approved a $15 million settlement of a consolidated class action against the owners of Cash App over a pair of data breaches that exposed users’ personally identifiable information (PII) and account data, the judge granted the named plaintiffs’ motion for final approval, settling 16 claims, including negligence, fraud, invasion of privacy and unfair competition.

  • April 04, 2025

    Suit Over Harassment From Shared Medical Files Partly Dismissed

    BOSTON — A patient alleging claims of harassment from the improper sharing of her medical files did not properly allege invasion of privacy against her health care provider, a Massachusetts federal judge found, partly granting its motion to dismiss, while permitting a negligence claim to proceed.

  • April 01, 2025

    Fan Waives Response To NBA’s Certiorari Petition Over Privacy Of Online Viewing

    WASHINGTON, D.C. — A man who sued the National Basketball Association (NBA) for sharing his nba.com video-viewing history with Facebook and had the dismissal of his putative class claim under the Video Privacy Protection Act of 1988 (VPPA) reversed by the Second Circuit U.S. Court of Appeals opted against responding to the NBA’s petition for certiorari over the matter, in which it asked the U.S. Supreme Court to answer questions regarding harm and standing under the act.

  • March 31, 2025

    23andMe Agrees To Proceed With Data Breach Settlement, Files Bankruptcy Notices

    SAN FRANCISCO — Two days after 23andMe Inc. informed a California federal court that it would be proceeding with a settlement of negligence, privacy and unfair competition claims over a 2023 data breach, which had been preliminarily approved in December, the troubled DNA testing company filed three notices of bankruptcy, staying the multidistrict litigation.

  • March 27, 2025

    Illinois High Court Refuses To Disturb Ruling That Exclusion Bars BIPA Suit

    CHICAGO— The Illinois Supreme Court on March 26 denied an insured’s petition for leave to appeal an appeals court’s ruling that insurers have no duty to defend it against an underlying class action lawsuit alleging that it violated the Illinois Biometric Information Privacy Act (BIPA) because the policies’ “Recording and Distribution” exclusion barred coverage.

  • March 27, 2025

    D.C. Circuit Stays Discovery In States’ Constitutional Challenge To DOGE

    WASHINGTON, D.C. — The District of Columbia Circuit U.S. Court of Appeals on March 26 granted an emergency motion, filed by President Donald J. Trump, his “senior advisor” Elon Musk and the U.S. Department of Government Efficiency (DOGE), to stay a trial court’s discovery order that permitted a group of states that sued over purported constitutional violations in the creation of DOGE to conduct expedited discovery into the department’s leadership and past and future actions.

  • March 27, 2025

    $525,000 Settlement Of Philadelphia Inquirer Data Breach Suit Gets Final OK

    PHILADELPHIA — Five months after preliminarily approving a $525,000 settlement of privacy and negligence class claims over a 2023 data breach experienced by the Philadelphia Inquirer LLC, a Pennsylvania federal judge granted a motion for final approval of the settlement.

  • March 26, 2025

    Seal Motions Granted In Computer Fraud Row Between Spyware Firm And WhatsApp

    OAKLAND, Calif. — A California federal judge granted in part and denied in part motions to seal in WhatsApp’s suit against a spyware firm related to the firm’s alleged computer fraud, granting WhatsApp’s motion as to some requests because the “redactions are sufficiently narrow” and granting some of the spyware firm’s requests to seal regarding “limited redactions.”

  • March 26, 2025

    Plaintiffs Oppose Stay Of DOGE Injunction During Agencies’ 4th Circuit Appeal

    GREENBELT, Md. — The same day that the U.S. Office of Personnel Management (OPM), the U.S. Department of Education (DOE) and the U.S. Department of Treasury announced that they were appealing a Maryland federal judge’s imposition of a preliminary injunction halting their sharing of individuals’ personally identifiable information (PII) with the U.S. Department of Government Efficiency (DOGE), the plaintiff labor unions and veterans filed their opposition to a motion to stay the injunction, which the defendants filed concurrently with their appeal notice.

  • March 25, 2025

    Judge Approves Settlement Of Consolidated Privacy Suit Over Photo Database

    CHICAGO — An Illinois federal judge granted final approval to a settlement of claims against the creator and curator of a massive digital photo database under the Illinois Biometric Information Privacy Act (BIPA), finding that the settlement fund being based on the startup company’s equity is appropriate given the defendant’s “precarious” financial situation.

  • March 21, 2025

    Union, Groups Granted TRO In Suit Seeking To Stop DOGE Access To SSA Systems

    BALTIMORE — A federal judge in Maryland on March 20 granted a temporary restraining order (TRO) halting access to Social Security Administration (SSA) data for anonymous individuals associated with the Department of Government Efficiency (DOGE) while calling the individuals’ actions “a fishing expedition” and stating that the federal government has not “identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA’s entire record systems, thereby exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government.”

  • March 21, 2025

    Expedited Discovery Order Reaffirmed In Union’s Suit Over DOGE Access To DOL

    WASHINGTON, D.C. — A federal judge in Washington, D.C., denied reconsideration of a limited expedited discovery order in a lawsuit by labor unions and nonprofits challenging access to U.S. Department of Labor (DOL) records by personnel from U.S. Digital Service and the U.S. DOGE Service Temporary Organization (together, DOGE) and granted an amended motion for expedited discovery filed by the plaintiffs, opining that new evidence that the DOGE personnel are now also employed by the DOL “presents further reason that [DOGE’s] reporting structure needs clarifying.”

  • March 20, 2025

    Wiretapping, Chatbot Class Suit Against Kroger Tossed As Lacking ‘Plausible’ Claim

    LOS ANGELES — A California federal judge dismissed a putative class action suit against The Kroger Co., a U.S.-based company that operates retail grocery stores, for alleged violations of California’s wiretapping statute by using third-party software to purportedly eavesdrop on chat-based conversations on Kroger’s website, finding that the plaintiff’s “allegations do not render plausible her claim of violation” of the wiretapping statute.