Archives: Enforcement & Litigation

Subscribe to Enforcement & Litigation RSS Feed

CoPilot Provider Support Services Settles with NYAG for $130,000 for Late Breach Notification

CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of a data breach in a reasonable time for $130,000. CoPilot began investigating an unauthorized access to, and downloading of its reimbursement records through … Continue Reading

Reader’s Digest Publisher Settles Case Alleging It Sold Subscribers’ Personal Information for $8.2M

In what is being considered the largest-ever settlement of alleged violations of Michigan’s privacy law (the Michigan Preservation of Personal Privacy Act), the publisher of Reader’s Digest has agreed to pay out $8.2 million to settle a proposed class-action lawsuit brought by consumers who allege that the publisher sold subscribers’ personal information to data brokers … Continue Reading

New Nevada Law Recognizes Enforceability of Blockchain Transactions; Blocks Local Government Regulation and Taxation

Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions. Originally conceived … Continue Reading

Illinois Court Rules That College Foundation Documents Subject to FOIA

On May 9, 2017, the Illinois Appellate Court held that the College of DuPage Foundation (Foundation), a fundraising organization for the public College of DuPage (College), is subject to the state’s open records law. In doing so, the Court rejected the Foundation’s argument that it was a charitable organization with no public role, and instead … Continue Reading

TCPA Class Action Tossed out After Hospital Provides Records Indicating Consent

Central Florida Regional Hospital (the Hospital) was released from a proposed class action last week for its alleged violations of the Telephone Consumer Protection Act (TCPA). The Hospital’s debt collector, Transworld Systems, allegedly made autodialed calls to collect overdue hospital debts without prior patient consent. Lead plaintiff, Charles Ivy, former emergency room patient at the … Continue Reading

Protection of Vendor Report and Documents as Work Product is Big Win for Experian

When assisting clients with emergency data breach response, and preparing and implementing a data privacy and security plan, it often becomes efficient, cost effective and necessary to hire outside vendors to assist with portions of the engagement. These activities include risk assessments, gap assessments, vulnerability testing, forensic analysis and security incident investigations. It is important … Continue Reading

Gather App Hit with TCPA Class Action Suit

Gather, a free app designed to allow users to create event invitations and send them to their contacts has been hit with a proposed TCPA class action suit. The named plaintiff alleges that Gather tricks users into giving Gather their contacts and then uses the contact information to send unsolicited texts to their contacts without … Continue Reading

Kmart Breach Settlement of $6.9M With Banks Approved by Court

Kmart’s proposed settlement with banks that had to reimburse customers following Kmart’s 2014 data breach was approved by an Illinois federal judge last week with one caveat: he wants to see how much each bank is being paid from the settlement, and he wants to see the plaintiffs’ attorneys’ billing records. The proposed deal reimburses … Continue Reading

Fourth Circuit Vacates $12M FCRA Class Action Judgment Against Experian

On May 11, 2017, the Fourth Circuit Court of Appeals vacated a $12 million judgment against Experian Information Solutions, Inc. (“Experian”) in a class action against the credit reporting bureau alleging violations of the Fair Credit Reporting Act (“FCRA”). Relying on the standard set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins, … Continue Reading

Central Payment Co. Settles TCPA Class Action for $6.5 Million

Last week, Georgia federal judge, U.S. District Judge Clay D. Land, approved the final order and judgment to settle class action claims that Central Payment Co. LLC (Central Payment) violated the Telephone Consumer Protection Act (TCPA) for $6.5 million. Lead plaintiff, Fred Heidarpour, claimed that Central Payment violated the TCPA by hiring third parties to … Continue Reading

Home Depot Agrees to Settle Data Breach Shareholders’ Suit

In a surprise move late last week, Home Depot has agreed to settle a shareholders derivative suit filed against current and former members of the Board of Directors and the Chief Executive Officer and Chief Information Officer (CIO) following a massive data breach that occurred in 2014. The shareholders allege that former and current board … Continue Reading

OCR Settles First Case With Wireless Provider for $2.5 Million

Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million. CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from … Continue Reading

Class Action Initiated Against Telehealth Provider for Disclosure of Sensitive Information

A class action was filed in Fort Lauderdale, Florida this week against a national telehealth provider, MDLive Inc. (MDLive) for its mobile app’s alleged secret capture of screenshots containing sensitive patient information without restricting access to medical providers who have a legitimate need to view the information. The lawsuit was filed by Utah resident, Joan … Continue Reading

FTC Resolves Allegations Against Three U.S. Based Companies Involving Misrepresentations of International Privacy Program Certifications

Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have … Continue Reading

TrustE Pays $100,000 with NYS for Failing to Protect Children’s Websites

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its … Continue Reading

Rite Aid Beats TCPA Lawsuit Over Flu Shot Reminder Prerecorded Calls

A group of Rite Aid customers sued Rite Aid in December of 2014 for alleged violations of the Telephone Consumer Protection Act when it sent flu shot reminders to consumer’s cellphones without written consent. On March 30, 2017, a federal district court judge in New York dismissed the proposed class action lawsuit by granting Rite … Continue Reading

Judge Finds Standing Based on Spokeo in TCPA Class Action

Last week, on March 22, 2017, U.S. District Judge Marcia G. Cooke, a Florida federal judge, determined that Ray Mohamed had standing in his proposed class action against Off Lease Only Inc. (Off Lease) for alleged violations of the Telephone Consumer Protection Act (TCPA) under the U.S. Supreme Court’s Spokeo decision. Judge Cooke concluded that … Continue Reading

NY AG Announces Settlements with Three Mobile-Health App Developers Over Privacy, Marketing Concerns

On March 23, 2017, New York State Attorney General Eric T. Schneiderman announced settlements with three mobile health application (app) development companies aimed at curbing deceptive marketing practices and inadequate privacy disclosures to consumers. The settlements – reached with Cardiio, Inc., Matis Ltd., and Runtastic GmbH, respectively – target health measurement apps that “purport to … Continue Reading

Wendy’s Successful in Trimming Data Breach Class Action Suit But No Dismissal

We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss. … Continue Reading

Third Circuit Holds Criminal Defendant in Contempt for Refusing to Decrypt Hard Drives

In a precedential ruling, the Third Circuit Court of Appeals this week upheld a lower court’s ruling holding a criminal defendant in contempt for refusing to decrypt two external hard drives that were seized during a child pornography investigation. During the investigation, the government seized the defendants’ property, including two iPhones, a MacBook Pro and … Continue Reading
LexBlog