Enforcement + Litigation

In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.

In its breach notification to patients, Advocate Aurora

The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).

At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office

BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages. Although many cases alleging violations of BIPA have previously been settled, this case was the first to go to trial.

The jury

EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people.

The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. The breach occurred when threat actors infiltrated EyeMed’s

On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice analytics software services to health care entities. The settlement resulted from MedEvolve’s alleged violation of the Health Insurance Portability and Accountability

Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than

The Office of the California Attorney General recently announced that it will initiate an investigative sweep and will start sending letters to businesses about their mobile apps for failure to comply with the California Consumer Privacy Act (CCPA). There is also a new online tool that allows consumers to directly notify a business of an