-
March 07, 2025
SAN FRANCISCO — One week after a California federal judge granted final approval to a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifying information (PII) of Californians, he issued final judgment in the four-year-old suit, dismissing unjust enrichment and unfair competition claims against the company.
-
March 07, 2025
GREENBELT, Md. — A temporary restraining order (TRO) preventing the U.S. Office of Personnel Management (OPM) and the U.S. Department of Education (DOE) from permitting access to the personally identifiable information (PII) of a group of veterans and labor organizations by personnel from the U.S. Department of Government Efficiency (DOGE) was extended March 6, with a Maryland federal judge granting the plaintiffs’ motion and ruling that the TRO will now expire on March 17, which is when a hearing on the plaintiffs’ pending preliminary injunction motion is scheduled.
-
March 05, 2025
LOS ANGELES — Six months after a $9.5 million settlement of privacy and unfair competition claims over a payroll services provider’s 2023 data breach was preliminarily approved, a California judge gave the final stamp of approval to the agreement, also granting the plaintiffs’ motion for attorney fees, costs and class representative service awards.
-
March 05, 2025
SACRAMENTO, Calif. — A California federal judge granted a motion by a processing affiliate for the website Adult Friend Finder (AFF) to enforce a provision in the site’s terms of use (TOU) requiring a site user to arbitrate his putative claim against the affiliate under the Illinois Biometric Information Privacy Act (BIPA) for the purported collection of site users’ facial scans.
-
March 04, 2025
SEATTLE — A media tech insurer and its financial services firm insured filed a joint stipulation asking a Washington federal court to dismiss with prejudice the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.
-
March 04, 2025
WASHINGTON, D.C. — In its March 3 order list, the U.S. Supreme Court denied certiorari to a community health center (CHC) that is the defendant in an underlying data breach lawsuit, declining to take up the center’s question over whether its status as a federally funded entity entitles it to immunity from a patient’s invasion of privacy and negligence claims.
-
March 04, 2025
BALTIMORE — The Social Security Administration (SSA) “has access to some of the nation’s most sensitive data” of Americans, and U.S. DOGE Service and Elon Musk should not have unfettered access, a union, an advocacy group and a labor organization allege in a complaint filed in federal court in Maryland.
-
March 03, 2025
SPRINGFIELD, Ill. — The same day commercial general liability and umbrella insurers and the owners and operators of Taco Bell restaurants in Illinois indicated that they have agreed in principle to settle the insurers’ lawsuit seeking a declaratory judgment that they have no duty to defend and indemnify in an underlying class action alleging that the insureds violated the state’s Biometric Information Privacy Act (BIPA), a federal magistrate judge in Illinois issued an order on Feb. 28 noting that all scheduled hearings are vacated and any pending motions are rendered moot.
-
March 03, 2025
CHICAGO — The same day that she presided over a fairness hearing for a proposed $21 million settlement of negligence, contractual and statutory claims over a 2020 data breach experienced by Arthur J. Gallagher Co. (AJG), an Illinois federal judge granted final approval to it, dismissing the case with prejudice.
-
February 28, 2025
SAN FRANCISCO — A panel of the Ninth Circuit U.S. Court of Appeals has reversed a trial court’s approval of $800,000 in attorney fees and costs for a claims-made data breach class settlement that had a redemption value of “at most” about $950,000, but a panel majority approved the underlying settlement with a dissenting judge calling the trial court’s approval “perfunctory.”
-
February 26, 2025
SEATTLE — Mobile applications using the software development kit (SDK) from Amazon.com Inc. and Amazon Advertising LLC (together, Amazon) allow for Amazon to harvest location data directly from consumers’ devices without prior notice in violation of consumers’ privacy rights, a Washington woman alleges in a class complaint filed in a federal court in that state and purported to be the first complaint filed under Washington’s My Health My Data Act (MYMD), which was signed into law in 2023.
-
February 25, 2025
GREENBELT, Md. — Granting a temporary restraining order (TRO) motion filed by a group of veterans and labor organizations, a Maryland federal judge on Feb. 24 found that the “continuing, unauthorized discloser” of plaintiffs’ personally identifiable information (PII) to affiliates of the U.S. Department of Government Efficiency (DOGE) by the U.S. Office of Personnel Management (OPM) and the U.S. Department of Education (DOE) constituted “irreparable harm” that can only be adequately addressed via injunctive relief.
-
February 25, 2025
WASHINGTON, D.C. — Two members of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB) filed a complaint on Feb. 24 in District of Columbia federal court accusing President Donald J. Trump of removing them without cause, which threatens to silence the “independent advice” members of the board provide to Congress and the reporting members provide to Congress and the public “on how the government balances national security activities with privacy and civil liberties protections.”
-
February 25, 2025
ALEXANDRIA, Va. — The Electronic Privacy Information Center (EPIC) and a Jane Doe federal government employee were denied a preliminary injunction to stop the U.S. Department of Government Efficiency (DOGE) from “running roughshod over core data protections and endangering the security of vital government systems,” with a Virginia federal judge finding that the plaintiffs did not establish irreparable harm to merit such an “extraordinary remedy.”
-
February 24, 2025
MADISON, Wis. — A health insurance company did not establish that federal jurisdiction existed over seven putative class actions that it removed to Wisconsin federal court, a judge held, granting a motion to remand the suits over a 2024 data breach to state court, finding that exceptions to the Class Action Fairness Act (CAFA) defeated federal jurisdiction.
-
February 24, 2025
NEW YORK — Staff members of the U.S. Department of Government Efficiency (DOGE) were temporarily halted from accessing data and payment systems within the Bureau of Fiscal Services (BFS) on Feb. 21, when a New York federal judge granted a preliminary injunction motion filed by a group of 19 states that objected to access to files containing highly personal information of millions of Americans by DOGE.
-
February 21, 2025
WASHINGTON, D.C. — A taxpayer rights nonprofit, a small business network and two labor unions teamed up to file a complaint in District of Columbia federal court against the Internal Revenue Service, the U.S. Department of the Treasury and the U.S. Department of Government Efficiency (DOGE) to prevent the access of the private information of millions of taxpayers and small business owners by DOGE from the IRS data systems.
-
February 21, 2025
WASHINGTON, D.C. — A group of states seeking to halt purportedly unconstitutional actions being taken by the U.S. Department of Government Efficiency (DOGE) and Elon Musk related to government agencies’ data systems and personnel were denied their request for a temporary restraining order (TRO) by a District of Columbia federal judge, who found that the states did “not carr[y] their burden of showing that they will suffer imminent, irreparable harm absent a” TRO.
-
February 20, 2025
SAN JOSE, Calif. — A California federal judge stated that she had “little hesitation” denying Google LLC’s motion to reject a “mass exclusion request” by nearly 70,000 Google Assistant (GA) users who seek to opt out of an unfair competition class action over Google’s purported eavesdropping via the digital assistant app and pursue arbitration of their privacy claims against the company instead.
-
February 20, 2025
WASHINGTON, D.C. — Federal officials’ decision to allow individuals from outside the U.S. government to access the “personal sensitive information” (PSI) of millions of federal workers “is the biggest breach of American trust by political actors since Watergate,” five federal employees allege in a class complaint filed in a federal court in the District of Columbia.
-
February 19, 2025
SEATTLE — A media tech insurer that filed suit and its financial services firm insured filed a notice in a Washington federal court indicating they have settled the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.
-
February 18, 2025
CHICAGO — An excess insurer filed a notice indicating that it is appealing an Illinois federal court’s ruling granting in part and denying in part cross-motions for summary judgment in a franchisee of the Burger King chain’s breach of contract lawsuit seeking a declaration that the insurer has a duty to defend against an underlying putative class lawsuit alleging that the insured violated the Illinois Biometric Information Protection Act (BIPA).
-
February 18, 2025
WASHINGTON, D.C. — Federal workers suing under pseudonyms who accuse the Office of Personnel Management (OPM) of failing to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails the workers claim are being used to collect information on them failed to show “that they are likely to incur some irreparable injury” without a temporary restraining order (TRO), a federal judge in the District of Columbia ruled Feb. 17, denying a renewed TRO motion in the putative class case.
-
February 18, 2025
CHICAGO — A class action complaint filed in Illinois federal court alleges that The Allstate Corp. and its subsidiaries collected and sold the plaintiffs’ personal data and “‘trillions of miles’ worth of ‘driving behavior’” data without their consent.
-
February 18, 2025
SAN DIEGO — Finding that a hospital patient had a reasonable expectation to not be subjected to 24-hour surveillance in her hospital room, a California federal judge delivered a mixed-bag ruling to the hospital and other parties seeking dismissal of a complaint alleging privacy and civil rights violation, with many of the defendants being dismissed for failure to specify how they contributed to the claimed acts.