Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients

On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate. Please see our analysis of an … Continue Reading

Parties Seek to Settle Yahoo Data Breach Class Action for $50M

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading

FTC Settles with Four Companies over Privacy Shield Certification

In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading

Two More Companies Sued Under Illinois Biometric Law

Two more companies are under fire for alleged violations of the Illinois Biometric Information Privacy Act (BIPA).  Loews Hotel in Chicago was recently sued in the Circuit Court of Cook County for allegedly violating BIPA by collecting employees’ biometric information and sharing it with third parties without the employees’ consent. According to the suit against … Continue Reading

Years-Long Exposure of Sensitive Client Information Results in $200,000 Settlement with New York Attorney General

In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years. The settlement is the … Continue Reading

Choice Hotels Sued for Failing to Provide Information about Accessibility to Users

Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading

Adidas Removes Putative Class Action Suit Arising Out of the Data Breach Announced Earlier this Year

On June 28, 2018, Adidas released a statement announcing that it recently “became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Adidas believed the breach was limited to contact information, usernames and encrypted passwords, and not any stored credit card or fitness information, relating to millions of … Continue Reading

Two Federal Criminal Convictions for Cyberattacks

The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading

Southwest Airlines Biometric Information Case Dismissed—Sent to Arbitration

We have been following litigation surrounding the Illinois Biometric Information Privacy Act (BIPA), and noting that many employers have been sued for using fingerprints for employees to clock into their jobs [view related posts]. This week, Southwest Airlines was successful in its quest to dismiss a proposed class action case that alleges that it required … Continue Reading

Another Employer in Illinois Hit With Class Action Over Biometrics

Companies doing business in Illinois should consider getting up to speed on the Illinois Biometric Information Privacy Act (BIPA). We have reported on numerous (but not all) cases filed against technology companies and employers for alleged violations of BIPA [view related posts here]. The class action lawsuits continue to get filed at a rapid pace, … Continue Reading

Parties Seek to Centralize Saks/Lord & Taylor Data Breach Litigation

As we noted earlier this year, Saks Fifth Avenue LLC, Saks Incorporated, and Lord & Taylor previously disclosed, on April 1, 2018, that some of their customers’ personal information may have been compromised in a data breach. Those companies all share the Canadian business group Hudson’s Bay Company (collectively with Lord & Taylor LLC, Saks … Continue Reading

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” … Continue Reading

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it … Continue Reading

Second Circuit Upholds Conviction Under the CFAA, Rejecting Argument That the Law Is Unconstitutional

In a recent decision, the federal Court of Appeals for the Second Circuit (which covers New York, Connecticut,  and Vermont) affirmed the conviction of an Italian citizen for misdemeanor computer intrusion in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). The decision is noteworthy in that, among other things, the Second Circuit … Continue Reading

Supreme Judicial Court Rules Robocalls are Harassment

The Massachusetts Supreme Judicial Court (SJC) ruled this week in favor of a consumer who sued Target, alleging that it harassed her with robocalls. The plaintiff applied for a Target credit card, and subsequently got behind in payments. Starting in January 2015, Target contacted the debtor in an attempt to collect the debt. According to … Continue Reading

Credit Reporting Agencies Now Must Register with NY DFS and Comply with Cybersecurity Regulations

The New York Department of Financial Services (DFS) issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York State register with the Superintendent of the Department of Financial Services.” As a result of credit reporting agencies’ new status of having … Continue Reading

OCR Prevails with ALJ Against MD Anderson for $4.3 Million in HIPAA Fines and Penalties

It is a rare occurrence when a health care entity challenges the Office for Civil Rights (OCR) regarding proposed fines and penalties for HIPAA violations. In my memory, it has only happened once before. On June 1, 2018, an Administrative Law Judge (ALJ) granted summary judgment in favor of the OCR against The University of … Continue Reading

Lincare Settles Class Action Data Breach Case with Employees

Lincare Holdings Inc. (Lincare), recently entered into a mediated settlement with its employees regarding a data breach that took place on February 3, 2017. On that date, a cyber-criminal posing as a high-level Lincare executive emailed a human resources employee requesting W-2 data for some of its employees. The human resources employee emailed the information … Continue Reading

DOJ Announces Criminal Conviction of Physician for HIPAA Violation

On April 30, 2018, a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the … Continue Reading

EU-US Transatlantic Data Flows Subject to Further Legal Challenge

Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously … Continue Reading

Congress Enacts CLOUD Act within Omnibus Spending Bill to Address Overseas Storage of Electronic Data, Potentially Mooting Supreme Court’s Pending Microsoft Case

On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the SCA) by … Continue Reading
LexBlog