Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

Fourth Circuit Vacates $12M FCRA Class Action Judgment Against Experian

On May 11, 2017, the Fourth Circuit Court of Appeals vacated a $12 million judgment against Experian Information Solutions, Inc. (“Experian”) in a class action against the credit reporting bureau alleging violations of the Fair Credit Reporting Act (“FCRA”). Relying on the standard set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins, … Continue Reading

Central Payment Co. Settles TCPA Class Action for $6.5 Million

Last week, Georgia federal judge, U.S. District Judge Clay D. Land, approved the final order and judgment to settle class action claims that Central Payment Co. LLC (Central Payment) violated the Telephone Consumer Protection Act (TCPA) for $6.5 million. Lead plaintiff, Fred Heidarpour, claimed that Central Payment violated the TCPA by hiring third parties to … Continue Reading

Home Depot Agrees to Settle Data Breach Shareholders’ Suit

In a surprise move late last week, Home Depot has agreed to settle a shareholders derivative suit filed against current and former members of the Board of Directors and the Chief Executive Officer and Chief Information Officer (CIO) following a massive data breach that occurred in 2014. The shareholders allege that former and current board … Continue Reading

OCR Settles First Case With Wireless Provider for $2.5 Million

Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million. CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from … Continue Reading

Class Action Initiated Against Telehealth Provider for Disclosure of Sensitive Information

A class action was filed in Fort Lauderdale, Florida this week against a national telehealth provider, MDLive Inc. (MDLive) for its mobile app’s alleged secret capture of screenshots containing sensitive patient information without restricting access to medical providers who have a legitimate need to view the information. The lawsuit was filed by Utah resident, Joan … Continue Reading

FTC Resolves Allegations Against Three U.S. Based Companies Involving Misrepresentations of International Privacy Program Certifications

Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have … Continue Reading

TrustE Pays $100,000 with NYS for Failing to Protect Children’s Websites

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its … Continue Reading

Rite Aid Beats TCPA Lawsuit Over Flu Shot Reminder Prerecorded Calls

A group of Rite Aid customers sued Rite Aid in December of 2014 for alleged violations of the Telephone Consumer Protection Act when it sent flu shot reminders to consumer’s cellphones without written consent. On March 30, 2017, a federal district court judge in New York dismissed the proposed class action lawsuit by granting Rite … Continue Reading

Judge Finds Standing Based on Spokeo in TCPA Class Action

Last week, on March 22, 2017, U.S. District Judge Marcia G. Cooke, a Florida federal judge, determined that Ray Mohamed had standing in his proposed class action against Off Lease Only Inc. (Off Lease) for alleged violations of the Telephone Consumer Protection Act (TCPA) under the U.S. Supreme Court’s Spokeo decision. Judge Cooke concluded that … Continue Reading

NY AG Announces Settlements with Three Mobile-Health App Developers Over Privacy, Marketing Concerns

On March 23, 2017, New York State Attorney General Eric T. Schneiderman announced settlements with three mobile health application (app) development companies aimed at curbing deceptive marketing practices and inadequate privacy disclosures to consumers. The settlements – reached with Cardiio, Inc., Matis Ltd., and Runtastic GmbH, respectively – target health measurement apps that “purport to … Continue Reading

Wendy’s Successful in Trimming Data Breach Class Action Suit But No Dismissal

We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss. … Continue Reading

Third Circuit Holds Criminal Defendant in Contempt for Refusing to Decrypt Hard Drives

In a precedential ruling, the Third Circuit Court of Appeals this week upheld a lower court’s ruling holding a criminal defendant in contempt for refusing to decrypt two external hard drives that were seized during a child pornography investigation. During the investigation, the government seized the defendants’ property, including two iPhones, a MacBook Pro and … Continue Reading

Neiman Marcus Settles Data Breach Class Action Case for up to $1.6 Million

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings. The settlement includes a payment … Continue Reading

IRS Files Petition to Enforce Summons Issued to Virtual Currency Company

The Internal Revenue Service (IRS) obtained authorization from a California federal court last November to serve a John Doe summons on the virtual currency firm Coinbase in order to obtain customer information to determine whether customers were using virtual currency to avoid paying income taxes. Although the summons was issued in December, Coinbase has not … Continue Reading

Yahoo Breaches Cost Shareholders $350 Million From Lowered Purchase Price, CEO Forfeits $14 Million in Compensation

Yahoo’s troubles for failing to timely disclose security breaches provides rare insight into quantifying the financial and other costs to a company’s shareholders and leadership when a security breach occurs and is mishandled. In 2014, more than a billion Yahoo accounts were hacked. Then in 2015 and 2016, more than 500,000 Yahoo user accounts were … Continue Reading

Florida Supreme Court Rejects PSQIA Preemption of Florida Constitution

On January 31, 2017, the Florida Supreme Court held that adverse medical incident reports produced in accordance with Florida law cannot constitute confidential and privileged patient safety work product (PSWP) under the federal Patient Safety & Quality Improvement Act of 2005 (PSQIA). In Jean Charles, Jr. et al. v. Southern Baptist Hospital of Florida, Inc. … Continue Reading

Arby’s Hit with Multiple Class Action Suits over Data Breach

Arby’s has announced that its point-of-sale system had been compromised by intruders over a four month period between October of 2016 and January of 2017, exposing the credit and debit card information of 355,000 customers. It is unknown at the present time which Arby’s restaurants were included in the incident, but it is estimated that … Continue Reading

FTC and Ten States Settle with Caribbean Cruise Lines for Robocall Accusations

This week, the Federal Trade Commission (FTC) and ten states settled charges against the Florida-based cruise line, Caribbean Cruise Line, Inc. (CCL), for an illegal telemarking campaign that inundated consumers with billions of unwanted robocalls. In settling these charges, CCL’s owner, Fred Accuardi, and all of his companies are barred from robocalling and illegal telemarketing. … Continue Reading

TCPA Violations Claimed Against Rady Children’s Hospital in San Diego

Rady Children’s Hospital-San Diego (Rady) was hit with a proposed class action in California federal court this week for alleged violations of the Telephone Consumer Protection Act (TCPA) for autodialed debt-collection calls to consumers’ cell phones. The complaint, filed by two plaintiffs, Taneesha Crooks and Anthony Brown, states that “[Rady], either directly or through their … Continue Reading

Former NSA Contractor Indicted for Theft of Government Property

The United States Department of Justice (DOJ) has announced that a former contractor of a defense contractor has been indicted for stealing over 75 percent of hacking tools belonging to the Nations Security Agency’s offensive cyber unit, as well as the ICA and Cyber Command. According to the indictment, Harold T. Martin has been charged … Continue Reading

Facial Scan Case Dismissed Under Illinois Biometrics Law

The developers of two NBA video games were successful this week in getting a putative class action alleging violations of the Illinois Biometrics law dismissed. Two named plaintiffs alleged that the video games violated the Illinois Biometrics Information Privacy Act (BIPA) because the game developer failed to get the gamers’ permission prior to using and … Continue Reading
LexBlog