Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

TOPS Software Company Hit with TCPA Class Action

Last week, TOPS Software LLC (TOPS), a software company that specializes in condominium and homeowners association communication platforms, was served with a class action in Illinois federal court which alleges that TOPS violated the Telephone Consumer Protection Act (TCPA) by using auto dialer technology to solicit consumers to attend the “CAMfire conference.” The CAMfire Conference … Continue Reading

Dumpster Diving Leads to $100,000 Fine for Defunct Business Associate Due to Improper Disposal of Medical Records

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located … Continue Reading

Ciox Health, LLC Initiates Lawsuit against the Department of Health and Human Services Over Medical Records Request Fees under HIPAA and HITECH

On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that … Continue Reading

United States Supreme Court Considers Whether to Weigh in on Circuit Split in Data Breach Actions

In October 2017, healthcare insurer, CareFirst, petitioned the United States Supreme Court, requesting the Court to clarify the constitutional standing requirement for plaintiffs seeking to bring claims regarding their exposure during corporate data breaches. In order to invoke federal court jurisdiction, a plaintiff must plead an actual or imminent injury. The Supreme Court has held … Continue Reading

New Class Action Against FAA

The Federal Aviation Administration (FAA) was served with an 836,796-person lawsuit last week alleging wrongful collection of personal data and money under unmanned aerial system (UAS or drone) regulations. This lawsuit, Robert Taylor v. FAA, is the second class action filed against the FAA—the first, filed in 2015 by Robert Taylor’s brother, John, alleged that … Continue Reading

Connecticut Supreme Court Recognizes Common-Law Cause of Action for Unauthorized Disclosure of Confidential Medical Information

In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to … Continue Reading

Protect Yourself From Year-End Charitable Giving Scams

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year. Unfortunately, because of the increase in charitable giving, there is often … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

US Supreme Court Evaluates Privacy of Cell Phone Data

Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States.  At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter.  The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred.  The government … Continue Reading

The Reversal of Net Neutrality on Privacy 101

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in … Continue Reading

Connecticut Cyber Task Force Announced

The U.S. Attorney’s Office of the District of Connecticut has announced the creation of a Connecticut Cyber Task Force (“CCTF”) in partnership with the FBI, DEA, Secret Service, Homeland Security, IRS, Connecticut State Police, and 11 local police departments from throughout Connecticut as well as other federal authorities. The CCTF’s initial focus will be twofold: … Continue Reading

Hyatt and Bob Evans Face Class Action Biometric Suit Over Fingerprints

Hyatt Corp. was hit with a class action suit this week for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing employees’ fingerprints. This is the latest in a string of suits over the same complaint—employers using employees’ fingerprints for time clock systems without their written consent. The named plaintiff alleges … Continue Reading

Nonprofit Fundraiser Escapes TCPA Case

An Illinois federal judge has ruled that a fundraising company working for a nonprofit, tax exempt organization did not violate the Telephone Consumer Protection Act (TCPA) when it called a number listed on the National Do Not Call Registry because the activity fell within the nonprofit exemption of TCPA. The ruling is significant as there … Continue Reading

Airline Cargo Company Sued under Illinois Biometric Law

Alliance Ground International is the latest company to be sued for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) for collecting and storing its employees’ fingerprints without their consent. The proposed class of employees alleges that the company, which takes employees’ fingerprints as part of their time keeping records for their work as bag … Continue Reading

Supreme Court to Hear Microsoft Emails Case

In an order issued on October 16, 2017, the U.S. Supreme Court granted certiorari in United States v. Microsoft Corporation, a case with potentially far-reaching implications for the privacy of electronic data maintained by technology companies across the globe. The case, which Robinson+Cole has previously discussed here, here, and here, arises from a warrant obtained … Continue Reading

Vermont AG Settles with SAManage for $264,000 for Delayed Breach Notification

The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers were accessible through the online search engine Bing. In July of 2016, an employee of SAManage attached an excel spreadsheet containing … Continue Reading

Illinois Biometric Case Against Shutterfly Survives

We have been following biometric cases in Illinois, including the case against Shutterfly [view related posts]. Late last week, an Illinois federal judge denied Shutterfly’s motion to dismiss the case against Shutterfly alleging that it violates the Illinois Biometric Information Privacy Act when collecting and storing face geometry scans through facial recognition software. In allowing … Continue Reading

Supreme Court to Discuss Granting Review in Microsoft E-Mails Case October 6

The U.S. Supreme Court recently indicated that it will consider the federal government’s petition for a writ of certiorari in United States v. Microsoft Corp. at its conference scheduled for October 6, 2017. United States v. Microsoft is a “cutting edge” case that concerns the ability of law enforcement to obtain electronic documents stored abroad … Continue Reading

Lenovo Agrees to Settle Data Security Case with FTC and 32 AGs

The Federal Trade Commission (FTC) announced on September 5, 2017, that it has settled with Lenovo regarding allegations that Lenovo “harmed customers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.” According to the FTC’s complaint against Lenovo, it pre-loaded “man in the middle” software, VisualDiscovery that … Continue Reading

DOJ Announces Project Focused on Admissibility of Forensic Evidence

This morning, the U.S. Department of Justice (DOJ) announced an initiative aimed at “examining and strengthening forensic science.” Presumably, the initiative will impact how the DOJ approaches digital forensic evidence in criminal prosecutions. Deputy Attorney General Rod J. Rosenstein made the announcement at the International Association for Identification’s (IAI) conference in Atlanta, Georgia. The IAI … Continue Reading

Ashley Madison Settles Data Breach Case for $11.2M

Ashley Madison, which suffered a data breach in 2015 [view related posts here] involving the loss of 37 million users’ personal and financial information, has settled the suit for $11.2 million. Ashley Madison’s parent company previously settled data security allegations with 13 states and the Federal Trade Commission for $17.5 million, but ended up paying … Continue Reading

VTech Escapes Class Action Case Over Breach of 11 Million Toy Users’ Information

In November 2015, VTech Electonics North America LLC (VTech) announced that an unauthorized party infiltrated its network and gained access to the personal information of 5 million adults and 6.5 million children through its Learning Lodge app store, including their names, email addresses, security questions, photographs and messages [view related post]. One month following the … Continue Reading
LexBlog