Archives: Enforcement + Litigation

Subscribe to Enforcement + Litigation RSS Feed

U.S. Supreme Court Declines to Hear Case on Whether Commercial Websites and Mobile Apps Subject to Title III of the Americans with Disabilities Act (the “ADA”)

The ADA was enacted in 1990 to prohibit discrimination against persons with disabilities. It did not include express rules about access to websites and mobile apps. But that hasn’t stopped a flood of lawsuits against companies based on claims their websites or mobile apps might not be accessible to people with disabilities, such as visual, … Continue Reading

Google Sued Under Illinois Biometric Information Privacy Act

Another day, another suit against a brand name for allegations of violation of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs’ attorneys are having a field day filing class action lawsuits based on BIPA. Late last week, Google was sued in Cook County, Illinois in a proposed class action, alleging that it violated BIPA  by … Continue Reading

Vimeo Hit with Class Action for Alleged Violations of Biometric Law

Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.” According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based … Continue Reading

FTC Sues Match.com Owner for Alleged Fake Love-Interest Ads

The Federal Trade Commission (FTC) announced in a press release on September 25, 2019, that it has filed a Complaint against Match Group, Inc. (Match), the owner of Match.com, Tinder, OKCupid, PlentyOfFish and other alternative dating sites, alleging that it “used fake love interest advertisements to trick hundreds of thousands of consumers into purchasing paid … Continue Reading

$267 Million Judgment Against Debt Collector for TCPA Violations

On September 10, 2019, California federal judge, U.S. District Judge Yvonne Gonzalez Rogers, entered a $267 million judgment against a debt collection agency, Rash Curtis & Associates (Rash Curtis), for its violation of the Telephone Consumer Protection Act (TCPA) for over 534,000 unsolicited robocalls. This judgment comes after a May jury trial in which the … Continue Reading

For First Time Ever, Government Brings HIPAA Enforcement Action Alleging Violations of Right to Access Medical Records

On September 9, 2019, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had settled its first ever HIPAA enforcement action arising from alleged violations of the individual right to access health information under HIPAA. OCR entered into a settlement with Bayfront Health St. Petersburg (Bayfront) in response … Continue Reading

Court Finds That Insurer’s Quote Implied Coverage for Computer Hacking Losses

In an interesting case from Indiana, a court recently ruled that language in the insurer’s “quotes” for coverage in a crime policy led the insured to believe that losses for computer hacking would be covered under the policy if the insured purchased coverage. The case, Metal Pro Roofing, LLC v. Cincinnati Insurance Company, 2019 WL … Continue Reading

Allscripts Announces $145 Million Preliminary Settlement with DOJ Related to an Investigation of Practice Fusion, a Recently Acquired EHR Company

In its second quarter Securities Exchange Commission (SEC) filing, Allscripts addressed its announced agreement in principle with the Department of Justice (DOJ) to resolve investigations into certain alleged practices of Practice Fusion, an electronic health records (EHR) vendor acquired by Allscripts in February 2018 for $100 million. Allscripts indicated the agreement is still subject to … Continue Reading

Delta Sues Vendor for Causing Data Breach

In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading

AT&T Sued by CA Customers for Selling Location Data to Aggregators

AT&T was sued this week in the Northern District of California by customers alleging that AT&T sold their location data to data aggregators without their consent. The proposed class action suit was filed on behalf of all AT&T wireless customers from 2011 to date. The suit alleges that AT&T sold customers’ location data to LocationSmart … Continue Reading

Medical Marijuana Delivery App Agrees to Settle TCPA Case for $1.75M

The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading

FTC Seeks Information from ISPs on Privacy Procedures

The Federal Trade Commission (FTC) issued an Order to File a Special Report to seven Internet broadband providers in the U.S., requesting information on how the companies “collect, retain, use and disclose information about consumers and their devices.” According to its press release, the FTC “is initiating this study to better understand Internet service providers’ … Continue Reading

Has Investigative Genealogy Become the Wild, Wild West?

DNA technology has assisted law enforcement in identifying criminals for decades.  The U.S. National DNA Database System stores the DNA data of millions of criminals, and allows law enforcement officers around the country to compare and match forensic evidence in this central repository.  This closed universe of DNA only contains data from individuals arrested or convicted of a … Continue Reading

Plaintiff Argues GoDaddy Texting Campaign Used an Autodialer

Lead plaintiff, John Herrick, in the Telephone Consumer Protection Act (TCPA) class action lawsuit against GoDaddy.com LLC (GoDaddy.com) opposed an Arizona federal judge’s May 2018 decision to grant summary judgment in favor of GoDaddy.com. The court granted summary judgment on the grounds that the platform used to send the text messages did not qualify as … Continue Reading

Department of Justice Announces Significant False Claims Act Settlements Tied to Electronic Health Records Arrangements

The Department of Justice (DOJ) recently announced two high-dollar False Claims Act (FCA) enforcement actions involving allegedly fraudulent arrangements tied to the implementation and use of electronic health record systems (EHRs). The respective settlements enable recovery by DOJ of over $100 million, and immediately precede the government’s recent proposal of new rules to promote the … Continue Reading

Fortnite Players Sue for Alleged Exposure of Payment Information for Vbucks

Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

TCPA Class Action filed Against Medspa for Unwanted Text Messages

Last week, Florida skin care spa, Medspa Del Mar LLC (Medspa) was hit with a Telephone Consumer Protection Act (TCPA) class action in federal court for allegedly using an automatic dialing system to send unwanted text messages advertising its treatments. Lead plaintiff claims that Medspa invaded her and other class members’ privacy by sending a … Continue Reading

Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act

On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose … Continue Reading

Recent FINRA Consent Agreement – Sanctions Against Former Securities Employee Regarding Wire Transfers

The regulatory sword of the financial industry came down on a former securities employee for violations involving wire transfers out of a client’s account. The Financial Industry Regulatory Authority (FINRA) provides oversight of the financial industry. According to their website, in 2017, they brought 1,369 disciplinary actions against registered individuals and firms, levied fines totaling … Continue Reading

ILCs, the OCC, and the Future of Fintech Banking

Industrial Loan Companies (ILCs) are a different kind of financial institution. The ILC is a state-chartered FDIC-insured depository financial institution with certain advantages common to banks but without all of the corresponding regulatory overlay. This is one reason why aspiring fintech companies may consider foregoing the pursuit of a federal OCC “fintech” charter in favor … Continue Reading

Google Fined $57M by French Data Protection Authority for Alleged Violations of GDPR

France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law. According to the CNIL, Google did not tell consumers … Continue Reading

Judge Rules Biometric Identifiers Can’t Be Used to Unlock Phone

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading
LexBlog