Enforcement + Litigation

This week, a North Carolina federal judge denied Filters Fast LLC’s motion to dismiss a proposed data breach class action, ruling that the plaintiffs demonstrated adequate harm to satisfy Article III standing.

The class action stems from a data breach that occurred between July 2019 and July 2020 through Filters Fast’s shopping website. Plaintiffs claim

This week, Governor Andrew Cuomo signed legislation that added text messaging to the state of New York’s definition of telemarketing communication for purposes of its no-call registry. The legislation, S.3941/A.6040, closes the loophole that previously exempted businesses from the no-call registry restrictions when the communication was sent via text. The goal is to increase protections

British Airways settled a data breach class action lawsuit this week resulting from a 2018 data breach that affected thousands of its customers.

In 2018, the personal data of approximately 420,000 customers and staff was leaked, including names, addresses, and bank account information. When U.K. regulators investigated this incident in 2018, it was reported that

This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective

Last week, Impact MHC, a Colorado-based mobile home park management company, agreed to pay $25,000 to the Colorado Attorney General’s office and implement new security measures after a data breach of more than 15,000 individuals’ personal information, including 719 Colorado residents. If Impact fails to implement such security measures (such as creating a written information

On June 3, 2021, the U.S. Supreme Court issued its first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal criminal and civil statute intended to deter and punish unauthorized access to computer systems. The decision in Van Buren v. United States adopts a narrow construction of a key provision of the CFAA

This week, Ancestry.com Inc. prevailed in a class action which alleged that it misappropriated consumers’ images and violated their privacy by using such data to solicit and sell their services and products. The court granted Ancestry.com’s motion to dismiss the amended complaint with prejudice because the plaintiffs “did not cure the complaint’s deficiencies” after being

Last week, Diabetes, Endocrinology & Lipidology Center Inc. (DELC) of West Virginia reached a $5,000 settlement with the Office for Civil Rights (OCR) over  allegations that it failed to provide timely access to a patient’s health records.   The OCR alleged that DELC waited more than two years to send a minor’s medical records to their

Last week, the Eleventh Circuit held that an invasion-of-privacy exclusion in an insured’s policy barred coverage and that Liberty Insurance Underwriters Inc.  did not have to cover the $60.4 million settlement of  a class action against the insured, iCan Benefit Group LLC (iCan), for sending robotexts in alleged violation of the Telephone Consumer Protection Act.