Video Privacy Protection Act (VPPA) class action lawsuits have been on the rise, and the owner of The Onion, a popular satire site, finds itself the subject of a recent one. On May 16, 2025, a plaintiff-initiated litigation against Global Tetrahedron, LLC, the owner of The Onion, alleges that the defendant installed the Meta

Roma Patel
Roma Patel focuses her practice on a broad range of data privacy and cybersecurity matters. She handles comprehensive responses to cybersecurity incidents, including business email compromises, network intrusions, inadvertent disclosures and ransomware attacks. In response to privacy and cybersecurity incidents, Roma guides clients through initial response, forensic investigation, and regulatory obligations in a manner that balances legal risks and business or organizational needs.
Getting Too Personal? Illinois Court Says Family Medical History is Genetic Information
On May 15, 2025, a district court in Illinois denied a motion by defendant Hospital Sisters Health System and Saint Francis (HSHS) to dismiss a class action claim brought against the hospital system under the Illinois Genetic Information Privacy Act (GIPA).
GIPA regulates the use, disclosure, and acquisition of genetic information and has adopted the…
The VPPA: The NBA and NFL Ask SCOTUS to Referee
On April 22, 2025, the National Football League (NFL) filed an amicus brief asking the United States Supreme Court to take on a Video Privacy Protection Act (VPPA) class action case against the National Basketball Association (NBA). In my last post, we covered a recent VPPA lawsuit against a movie theater company and reviewed…
The VPPA: An Old Law with New Streams
Enacted in 1988, the Video Privacy Protection Act (VPPA) was intended to regulate the then-booming videotape industry by limiting how video rental and sales data is disclosed. The law was enacted in direct response to the publication of Supreme Court nominee Robert Bork’s video rental history. Though videotapes may be a memory of the…
Re: Watch What You Say Here
The Commercial Electronic Mail Act (CEMA) is a Washington State law that prohibits sending state residents a commercial email misrepresenting the sender’s identity. A commercial email promotes real property, goods, or services for sale or lease. A recent Washington Supreme Court opinion held that this prohibition includes the use of any false or misleading information…
Breaches Within Breaches: Contractual Obligations After a Security Incident
We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its…
The FTC BOTS Act – Leveling the Ticketing Field
On March 31, 2025, President Trump signed an executive order (EO 14254) titled “Combating Unfair Practices in the Live Entertainment Market.” EO 14254 directs the Federal Trade Commission (FTC) to, amongst other provisions, rigorously enforce the Better Online Ticket Sales Act (BOTS Act or the Act) and address unfair ticket scalping practices.
Overview of the…
EdTech and Privacy of Student Information: A Case Study
On March 27, 2025, a class action lawsuit was filed against the education technology (EdTech) company Instructure, the parent company of Canvas, a popular learning management system. The complaint alleges that Instructure violated children’s federal and state privacy rights. According to the complaint, Instructure states that it collects various account information about children, including name…
Phishing Attacks – Anyone Can Get Pwned
HaveIBeenPwned is a website that allows users to check whether their data has been involved in data breaches. The website’s creator, Troy Hunt, was the subject of a phishing attack earlier this week. The attack was unrelated to the HaveIBeenPwned website and compromised Hunt’s personal Mailchimp account.
According to Hunt, he received an email purporting…
Insider Threats: Potential Signs and Security Tips
The Stram Center for Integrative Medicine in New York recently reported a security incident where an employee misused a patient’s payment card information. Although only one patient’s card was directly misused, a subsequent breach report to the U.S. Department of Health and Human Services Office for Civil Rights indicates that the incident potentially compromised the…