On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate. Please see our analysis of an … Continue Reading
We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading
In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading
Although it denies liability or wrongdoing, Sunrun Inc. has agreed to pay $5.5 million to settle a potential class action case alleging it of calling numbers on the Do Not Call Registry. Sunrun, a solar company, is alleged to have made unsolicited, automatic, pre-recorded voice calls to people on the Do Not Call Registry and … Continue Reading
Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent. According to the suit against … Continue Reading
In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years. The settlement is the … Continue Reading
Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading
On June 28, 2018, Adidas released a statement announcing that it recently “became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Adidas believed the breach was limited to contact information, usernames and encrypted passwords, and not any stored credit card or fitness information, relating to millions of … Continue Reading
The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading
We have been following litigation surrounding the Illinois Biometric Information Privacy Act (BIPA), and noting that many employers have been sued for using fingerprints for employees to clock into their jobs [view related posts]. This week, Southwest Airlines was successful in its quest to dismiss a proposed class action case that alleges that it required … Continue Reading
Companies doing business in Illinois should consider getting up to speed on the Illinois Biometric Information Privacy Act (BIPA). We have reported on numerous (but not all) cases filed against technology companies and employers for alleged violations of BIPA [view related posts here]. The class action lawsuits continue to get filed at a rapid pace, … Continue Reading
As we noted earlier this year, Saks Fifth Avenue LLC, Saks Incorporated, and Lord & Taylor previously disclosed, on April 1, 2018, that some of their customers’ personal information may have been compromised in a data breach. Those companies all share the Canadian business group Hudson’s Bay Company (collectively with Lord & Taylor LLC, Saks … Continue Reading
Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” … Continue Reading
Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it … Continue Reading
In a recent decision, the federal Court of Appeals for the Second Circuit (which covers New York, Connecticut, and Vermont) affirmed the conviction of an Italian citizen for misdemeanor computer intrusion in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). The decision is noteworthy in that, among other things, the Second Circuit … Continue Reading
The Massachusetts Supreme Judicial Court (SJC) ruled this week in favor of a consumer who sued Target, alleging that it harassed her with robocalls. The plaintiff applied for a Target credit card, and subsequently got behind in payments. Starting in January 2015, Target contacted the debtor in an attempt to collect the debt. According to … Continue Reading
The New York Department of Financial Services (DFS) issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York State register with the Superintendent of the Department of Financial Services.” As a result of credit reporting agencies’ new status of having … Continue Reading
It is a rare occurrence when a health care entity challenges the Office for Civil Rights (OCR) regarding proposed fines and penalties for HIPAA violations. In my memory, it has only happened once before. On June 1, 2018, an Administrative Law Judge (ALJ) granted summary judgment in favor of the OCR against The University of … Continue Reading
Lincare Holdings Inc. (Lincare), recently entered into a mediated settlement with its employees regarding a data breach that took place on February 3, 2017. On that date, a cyber-criminal posing as a high-level Lincare executive emailed a human resources employee requesting W-2 data for some of its employees. The human resources employee emailed the information … Continue Reading
On April 30, 2018, a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the … Continue Reading
As had been expected following the passage of the CLOUD Act by Congress last month, the U.S. Supreme Court remanded and ordered the dismissal of the pending United States v. Microsoft Corporation, Inc. case in a per curiam decision issued April 17, 2018. After briefly reviewing the basis for its grant of certiorari in the … Continue Reading
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously … Continue Reading
On March 30, 2018, Solicitor General Noel J. Francisco filed a motion with the U.S. Supreme Court in United States v. Microsoft Corporation that seeks to vacate the judgment of the U.S. Court of Appeals for the Second Circuit in the case (which held in favor of Microsoft) and to remand the case with directions … Continue Reading
On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the SCA) by … Continue Reading
