Enforcement + Litigation

A class action lawsuit, Seirafi et al v. Samsung Electronics America, Inc., Case 4:22-cv-05176-KAW, filed recently in the Northern District of California, alleges that Samsung’s unnecessary personal information collection, and failure to secure that information, violate the California Consumer Privacy Act (CCPA). This lawsuit was inspired by two recent data breaches that allegedly included personal

Ireland’s Data Privacy Commissioner will reportedly fine Instagram for its handling of children’s data. According to an investigation that began in 2020, Instagram published emails and phone numbers for children ages 13 to 17 who operated business accounts. Business accounts typically post this information by default. Meta, Instagram’s parent, plans to appeal the €405 million

In a complaint filed this week, the Federal Trade Commission (FTC) alleges that a data broker sold geolocation data from individuals showing their movements to and from sensitive locations, including reproductive health clinics, places of worship, and substance use disorder clinics. Kochava, the broker in question, allegedly collects and sells GPS location data from consumers

A new class action lawsuit was filed in federal court in California against Oracle America, Inc., alleging that it A new class action lawsuit was filed in federal court in California against Oracle America, Inc., alleging that it has been invading consumers’ privacy by using tracking technologies to build “digital dossiers” on individual internet users

In the first of its kind under the California Consumer Privacy Act (CCPA), Sephora settled an enforcement action with the California Attorney General for violation of the CCPA. Sephora must pay $1.2 million in penalties and implement a CCPA compliance program. The enforcement action alleged that Sephora permitted third parties to create customer profiles that

A subpoena was issued to Alight Solutions by the U.S. Department of Labor (DOL) for documents related to a cybersecurity breach that potentially resulted in Employee Retirement Income Security Act (ERISA) violations. Alight provides recordkeeping, administrative, and consulting services for over 750 employee benefit plans with more than 20 million plan participants.

The DOL began

ACTS Retirement Services, Inc. (ACTS), a non-profit corporation that manages retirement communities, suffered a data breach in April 2022, which led to unauthorized access to thousands of current and former employees’ personal information. Specifically, names, Social Security numbers, and financial information were effected. As a result of this incident, ACTS now faces a data breach