Unfortunately, it was another busy data breach week. Here’s a summary of the major ones. Delta Airlines admitted in a statement that the payment card data of several hundred thousand customers might have been compromised by malware between September 26 and October 12, 2017, through a third-party vendor ([24]7.ai that provides online chat services to … Continue Reading
We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to … Continue Reading
Last week, TOPS Software LLC (TOPS), a software company that specializes in condominium and homeowners association communication platforms, was served with a class action in Illinois federal court which alleges that TOPS violated the Telephone Consumer Protection Act (TCPA) by using auto dialer technology to solicit consumers to attend the “CAMfire conference.” The CAMfire Conference … Continue Reading
On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located … Continue Reading
As previously reported, state legislatures throughout the country continue to propose legislation designed to facilitate the use of blockchain-based technology by businesses within their states. In recent weeks, legislatures in Florida and Nebraska have each proposed laws streamlining the transaction of business electronically and through use of distributed ledgers on blockchain applications. In Arizona, the … Continue Reading
While the investment potential of cryptocurrencies, including BitCoin, has been all over the news in recent weeks, state governments have begun to explore the practical applications of blockchain – the technology underlying BitCoin. In New York, Assemblyman Clyde Vanel introduced four bills in late November related to blockchain technology. The first, Assembly Bill 8780, would … Continue Reading
Hyatt Corp. was hit with a class action suit this week for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing employees’ fingerprints. This is the latest in a string of suits over the same complaint—employers using employees’ fingerprints for time clock systems without their written consent. The named plaintiff alleges … Continue Reading
Paper records continue to be problematic. An Illinois psychiatrist reported to the Office for Civil Rights (OCR) that the medical records of 10,500 patients were stored in the basement of a house that he rented to an individual for at least four years. The tenant was provided a key to the basement by the psychiatrist’s … Continue Reading
An Illinois federal judge has ruled that a fundraising company working for a nonprofit, tax exempt organization did not violate the Telephone Consumer Protection Act (TCPA) when it called a number listed on the National Do Not Call Registry because the activity fell within the nonprofit exemption of TCPA. The ruling is significant as there … Continue Reading
We have been following biometric cases in Illinois, including the case against Shutterfly [view related posts]. Late last week, an Illinois federal judge denied Shutterfly’s motion to dismiss the case against Shutterfly alleging that it violates the Illinois Biometric Information Privacy Act when collecting and storing face geometry scans through facial recognition software. In allowing … Continue Reading
Next week, on August 21, a total solar eclipse (or the alignment of the sun, moon and earth), visible from the continental U.S., will take place for the first time in 38 years. The last time this cosmic event occurred, there were no battery-powered supercomputers—smartphones—in your hand to fly a self-stabilizing, GPS-guided aircraft with a … Continue Reading
The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail. The affected patients were mothers and newborns enrolled in the newborn screening program operated by ADHS. The compromised information was contained on paper records, including names, addresses, Social Security numbers, health insurance … Continue Reading
On May 9, 2017, the Illinois Appellate Court held that the College of DuPage Foundation (Foundation), a fundraising organization for the public College of DuPage (College), is subject to the state’s open records law. In doing so, the Court rejected the Foundation’s argument that it was a charitable organization with no public role, and instead … Continue Reading
The Illinois Department of Employment Security has revealed that somewhere between 1.2 million and 1.4 million Illinois residents who have received unemployment benefits from the State of Illinois have had their names, dates of birth and Social Security numbers compromised through a hacking of its vendor’s database. The residents are those seeking jobs and using … Continue Reading
A delay in reporting a HIPAA violation can result in a significant monetary penalty. That was the message sent by the Office for Civil Rights (OCR), which recently announced the first HIPAA settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). According to the OCR, Presence Health (a large … Continue Reading
American Eagle Outfitters (American Eagle) settled a class action filed against it for alleged Telephone Consumer Protection Act (TCPA) violations for $14.5 million last week. The class action complaint alleged that American Eagle send unsolicited text message messages to over 600,000 unique cell phone numbers without prior written consent as required by the TCPA. The … Continue Reading
For arguably the first time, a law firm, Johnson & Bell, has been sued by Edelman PC for lax data security practices that allegedly put client data at risk. On December 9th, a Complaint filed against Johnson & Bell in federal court in Illinois was unsealed, which alleges that the firm used out of date … Continue Reading
Last week, an Illinois federal judge approved a $49.9 million settlement between US Coachways, a national charter bus and bus rental company, and a class of plaintiffs, represented by lead plaintiff James Bull for Telephone Consumer Protection Act (TCPA) violations. The class action alleged that US Coachways sent a “staggering” amount of text messages to … Continue Reading
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble stores. The Judge found that the consumers did not plead sufficient harm in order to state … Continue Reading
Federal regulators announced last week that Illinois’ largest hospital chain would pay $5.5 million, a record payment under the Health Insurance Portability and Accountability Act (HIPAA), in connection with three 2013 data breaches that affected the protected health information of millions of its patients. The Advocate Health Care Network, which manages twelve hospitals and hundreds … Continue Reading
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information into the definition of personal information that triggers notification in the event of a breach. Health insurance information under the law includes an individual’s health insurance policy number or subscriber identification number as well … Continue Reading
A federal district court in California recently rejected Facebook’s request to dismiss a class action lawsuit related to Facebook’s biometric facial recognition database. The case arises from a complaint by Illinois residents that Facebook’s “Tag Suggestions” program violates the Illinois Biometric Information Privacy Act (BIPA) [view related posts here, here and here]. When a Facebook user uploads … Continue Reading
We previously reported that Shutterfly’s effort to dismiss the proposed biometrics class action case against it was unsuccessful [view related post] The proposed class action suit alleged that Shutterfly violated the Illinois Biometric Information Privacy Act because Shutterfly measured the contours of the named plaintiff’s face to create a template that it used to suggest … Continue Reading
We have been following and reporting on the Facebook and Shutterfly biometrics cases in Illinois and California. Google was recently sued by a potential class in Illinois alleging that it violated the Illinois Biometric Information Privacy Act by collecting the “faceprints” of individuals without their consent through its Google Photos service, even when they don’t … Continue Reading
