Mealey's Data Privacy
-
August 20, 2025
‘Coverage Position Is Frivolous And Unfounded,’ Insured Argues In Data Breach Suit
GAINESVILLE, Fla. — An insured sued its insurer in a federal court in Georgia for breach of contract and bad faith seeking cyber defense coverage for putative class actions brought as a result of a 2024 data breach.
-
August 20, 2025
College Gets Final OK To Settle Data Breach Suit For Up To $3,500 Per Person
SYRACUSE, N.Y. — Almost five months after preliminarily approving the settlement of a putative class action over a 2023 data breach experienced by an upstate New York college, a New York federal judge granted final approval to the settlement, which boasts an uncapped settlement with an estimated value of $44,720,782.68, including out-of-pocket expenses, credit monitoring and injunctive relief in the form of enhanced data privacy measures on the school’s part.
-
August 20, 2025
Insurer Disputes Coverage For Suit Alleging Dental Office Violated Privacy Rights
CHICAGO — A commercial general liability and umbrella insurer filed suit in a federal court in Illinois seeking a declaration that it has no duty to defend or indemnify for an underlying putative class action alleging that its dental office insured violated privacy rights through its use of internet tracking that collected private information without notice and without consent, arguing that the policy exclusion for access to/disclosure of private information bars coverage.
-
August 19, 2025
Genetic Data Privacy Suit Against Porta Potty Firm Survives Dismissal
CHICAGO — A job applicant’s putative class action against a sanitation company under the Illinois Genetic Information Privacy Act (GIPA) may proceed, an Illinois federal judge ruled, concluding that the plaintiff sufficiently pleaded that interview questions about his family’s medical histories constituted a request for genetic information under the statute.
-
August 18, 2025
NBA To Supreme Court: D.C. Circuit Ruling Confirms Split On VPPA Application
WASHINGTON, D.C. — A recent District of Columbia Circuit U.S. Court of Appeals ruling further solidified a circuit split and the “increasingly obvious need” for a grant of certiorari in a dispute over how to define a “consumer” under the Video Privacy Protection Act (VPPA), the National Basketball Association (NBA) says in a supplemental brief, again urging the U.S. Supreme Court to resolve the dispute in a lawsuit accusing the NBA of sharing the personal viewing information (PVI) of its website’s users.
-
August 12, 2025
COMMENTARY: Shifting Cyber Risk: The Critical Role Of Indemnification In Vendor Contracts
By Latosha M. Ellis and Veronica P. Adams
-
August 15, 2025
D.C. Circuit Affirms VPPA Protects Only ‘Consumers’ Of Video Service Providers
WASHINGTON, D.C. — The Video Privacy Protection Act (VPPA) applies only to those who rent, purchase or subscribe to goods or services offered by a provider of video tape services, the District of Columbia Circuit U.S. Court of Appeals ruled, affirming a lower court’s dismissal of claims that a newspaper publisher violated the law by sending information about the video viewing habits of visitors to its online website to a third party.
-
August 15, 2025
Timeclock Seller Prevails On Employer’s Cross-Claims In Illinois Privacy Action
CHICAGO — A company facing an ongoing class action involving finger-scan timeclocks that it sold has had an employer’s cross-claims against it dismissed with prejudice in an Illinois federal court, where a judge recently found that under the Illinois Biometric Information Privacy Act (BIPA), “the templates at issue in this case constitute biometric information.”
-
August 14, 2025
Split 4th Circuit Vacates Preliminary Injunction In Unions’ DOGE Data Access Suit
RICHMOND, Va. — A trial court abused its discretion when it found that unions and veterans were likely to prevail on each issue raised in a lawsuit opposing the sharing of individuals’ personally identifiable information (PII) with the U.S. Department of Government Efficiency (DOGE), split Fourth Circuit U.S. Court of Appeals panel ruled, vacating a preliminary injunction and remanding for further proceedings.
-
August 14, 2025
Split 6th Circuit Won’t Review Petitions Challenging FCC Telecom Data Breach Rule
CINCINNATI — A split Sixth Circuit U.S. Court of Appeals panel on Aug. 13 denied consolidated petitions for review of a Federal Communications Commission rule requiring reporting by telecommunications carriers of data breaches involving personally identifiable information (PII), finding that pursuant to the Communications Act, the FCC has the authority to implement reporting requirements related to data breaches involving customer PII.
-
August 12, 2025
Law Firm Credibly Alleges Breach Of Duty To Indemnify In Cyber Crime Coverage Suit
SEATTLE — A federal judge in Washington held that a law firm insured plausibly alleges that a commercial cyber insurance policy covers its liability under the Security Breach Liability provision, refusing to dismiss the insured’s claim that the insurer breached its duty to indemnify.
-
August 08, 2025
Judge Approves Settlement Of Shareholder Action Against Zoom For Privacy Policies
WILMINGTON, Del. — A federal judge in Delaware approved a settlement in a shareholder derivative action against Zoom Video Communications Inc. that alleged that certain current and former directors of the company misrepresented the company’s privacy and securities practices; under the terms of the settlement, Zoom will adopt and implement several governance reforms including establishing a cybersecurity committee and enhancing Zoom’s guidelines relating to stock trading plans.
-
August 07, 2025
Woman’s Suit Over Disclosed Medical Info, Harassment Remanded To State Court
BOSTON — Signing and adopting an order that accompanied a plaintiff’s motion to remand, a Massachusetts federal judge agreed that the dismissal of the United States as a defendant from a lawsuit over the purported intentional dissemination of her private medical information lacked the necessary diversity of citizenship to retain federal jurisdiction.
-
August 07, 2025
Judge Approves $6.8 Million Settlement Of Rite Aid Data Breach Class Action
PHILADELPHIA — A $6.8 million settlement of a consolidated class action over a 2024 data breach experienced by Rite Aid Corp. satisfied the requirements of Federal Rule of Civil Procedure 23 and relevant case law, a Pennsylvania federal judge found, granting final approval to the settlement as well as to the plaintiffs’ requests for attorney fees, costs and service awards.
-
August 06, 2025
Man Tells Supreme Court Geofence Warrants Violate 4th Amendment
WASHINGTON, D.C. — A man who was arrested for bank robbery after being tracked via a geofence warrant served on Google LLC by law enforcement filed a petition for certiorari asking the U.S. Supreme Court to decide on the constitutionality of such warrants.
-
August 05, 2025
States Sue USDA Over Demand For SNAP Recipients’ Private Data
SAN FRANCISCO — In a complaint filed in California federal court, a group of 21 U.S. states and the District of Columbia claim that the U.S. Department of Agriculture violated the Administrative Procedure Act (APA) with an “unprecedented demand” for the personal information of “tens of millions of Americans that have applied for benefits through the” Supplemental Nutrition Assistance Program (SNAP).
-
August 04, 2025
Jury Finds Meta Liable For Intercepting Communications On Menstrual-Tracking App
SAN FRANCISCO — One day after a group of plaintiffs announced a mid-trial settlement of their privacy claims against the maker of an ovulation tracking app, a California federal jury on Aug. 1 found co-defendant Meta Platforms Inc. liable under the California Invasion of Privacy Act (CIPA) for participating in the interception of the app users’ personal communications.
-
July 30, 2025
Privacy Claims Against Meta, Google Over Prescription Website May Proceed
SAN FRANCISCO — Consolidated claims that Google LLC and Meta Platforms Inc. intercepted and used the protected health information (PHI) of users of a health services website mostly survived a dismissal motion, with a California federal judge finding that the plaintiffs sufficiently alleged claims for invasion of privacy, unfair competition and unjust enrichment, among other things.
-
July 31, 2025
Women’s Dating Advice App ‘Ignored’ Data Security Before Hack, Plaintiffs Say
SAN FRANCISCO — Two women filed separate putative class action lawsuits in California federal court against the developer of the Tea app, where women post anonymously about dating men, accusing it of negligence and violation of California’s unfair competition law (UCL) after its database of users’ identity-verification photos and drivers’ license pictures was hacked and posted online.
-
July 31, 2025
After 23andMe’s Bankruptcy Sale, States Drop Suit Over Genetic Data Ownership
ST. LOUIS — One month after a Missouri federal bankruptcy judge approved the sale of the financially troubled 23andMe Inc. to a new company formed by one of the genetic testing company’s founders, a group of states on July 30 voluntarily dismissed their adversary proceeding in which they objected to the sale and the unilateral transfer of customers’ genetic data and personally identifiable information (PII).
-
July 30, 2025
Biometrics Claim Over Eufy Security Products Sufficiently Pleaded, Judge Rules
CHICAGO — A year and a half after she partly dismissed a claim against the manufacturer of “eufy” security cameras under Illinois’ Biometric Information Privacy Act (BIPA), an Illinois federal judge denied the defendant’s attempt to fully dispose of the claim, finding that the plaintiffs adequately alleged that the purported misuse of their biometric identifiers occurred in Illinois.
-
July 30, 2025
Driver AI Surveillance Data Collection Class Suit Settled With Lytx For $4.25M
EAST ST. LOUIS, Ill. — A $4.25 million class settlement between a class of drivers and a technology company was granted final approval by a federal judge in Illinois ending a lawsuit that accused a transportation company and a machine vision and artificial technology company of collecting and holding truck drivers’ biometric data when scanning their faces via a camera that employs artificial intelligence to monitor drivers in violation of the Illinois Biometric Information Privacy Act (BIPA); the transportation company previously paid a settlement of $56,800 for the benefit of 71 settlement class members.
-
July 30, 2025
Truck Drivers’ BIPA Claims Over In-Cab Cameras Partly Remanded
CHICAGO — Two truckers’ claims against their former employer under the Illinois Biometric Information Privacy Act (BIPA) were partly remanded for lack of jurisdiction under Article III of the U.S. Constitution, with an Illinois federal judge retaining jurisdiction over part of the claims while denying the trucking company’s motion to dismiss.
-
July 28, 2025
7 Suits Over University’s Data Breach Consolidated In Tennessee Federal Court
CHATTANOOGA, Tenn. — Seven separately filed putative class actions against a college that was hit by a data breach were consolidated by a Tennessee federal judge who granted the plaintiffs’ motion to that end, with the judge holding that maintaining separate suits “would pose unnecessary cost and delay,” while consolidation “will help ensure consistent and efficient adjudications.”
-
July 28, 2025
Judge Trims Claims In Suit Over Mortgage Company’s Ransomware Incident
DALLAS — A consolidated putative class action over a 2023 data breach and ransomware attack experienced by Mr. Cooper Group Inc. will proceed with fewer claims after a Texas federal judge partly granted the firm’s motion to dismiss, disposing of contractual and privacy claims.