Privacy

In In re Sonic Corp. Customer Data Sec. Breach Litig., No. 1:17-md-2807, 2020 U.S. Dist. LEXIS 114891 (N.D. Ohio July 1, 2020), Judge Gwin allowed a negligence claim to stand in a data breach case against Sonic.  The facts were as follows. Sonic restaurants are largely franchisee-owned. Sonic Defendants only directly own about 6% of Sonic restaurants. However, Sonic exerts… Read More

In Thomas v. Kimpton Hotel & Rest. Grp., No. 19-cv-01860-MMC, 2020 U.S. Dist. LEXIS 114170 (N.D. Cal. June 30, 2020), Judge Chesney dismissed part(s) of a data breach claim.  The facts were as follows: In the operative complaint, the Third Amended Complaint ("TAC"), plaintiffs allege Kimpton, an entity that "own[s] or manage[s]" a number of hotels (see TAC ¶ 1),… Read More

Attorneys Joseph Guzzetta and Evelina Manukyan published an article with the International Association of Privacy Professionals entitled "How function creep may cripple app-based contact tracing".  A link to the Article can be found at: https://iapp.org/news/a/how-function-creep-may-cripple-app-based-contact-tracing/   Read More

In In re Capital One Consumer Data Sec. Breach Litig., No. 1:19md2915 (AJT/JFA), 2020 U.S. Dist. LEXIS 91736, at *5-9 (E.D. Va. May 26, 2020), Judge Anderson found that a consultant's report prepared in connection with a data breach was not entitled to work product protection and must be turned over to the Plaintiffs. The facts were as follows: On… Read More

In Tailford v. Experian Info. Sols., No. SACV 19-02191JVS(KESx), 2020 U.S. Dist. LEXIS 84658 (C.D. Cal. May 12, 2020), Judge Selna dismissed a claim against Experian for failure to disclose in a “file” under the FCRA behavioral data that it maintained on the consumer.  The data the Experian maintained was as pleaded as follows: Experian also collects "non-traditional" consumer data… Read More

In Jantzer v. Elizabethtown Cmty. Hosp., No. 8:19-cv-00791 (BKS/DJS), 2020 U.S. Dist. LEXIS 83207 (N.D.N.Y. May 12, 2020), Judge Sannes dismissed a data breach class action for lack of standing.  The facts were as follows: UVM Health is Vermont Corporation headquartered in Burlington, Vermont that consists of a "six-hospital and home health & hospice system" located in "Vermont and northern… Read More

In In re Solara Med. Supplies, LLC Customer Data Sec. Breach Litig., No. 3:19-cv-2284-H-KSC, 2020 U.S. Dist. LEXIS 80736 (S.D. Cal. May 7, 2020), Judge Huff allowed a data breach claim to proceed. The facts were as follows: On November 13, 2019, Solara Medical Supplies, LLC ("Solara") notified its customers of a security incident that may have compromised the information… Read More

In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 79303, at *1-4 (S.D. Cal. May 5, 2020), Judge Miller dismissed a nationwide identity theft/data breach class action. The facts were as follows: Plaintiffs allege that in January of 2019, Inmediata learned it was experiencing a large "data security incident" resulting in the exposure of… Read More

In June 2018, Alastair MacTaggart and Rick Arney of Californians for Consumer Privacy managed to get the California Legislature to pass the most sweeping privacy legislation in the country - the California Consumer Privacy Act of 2018 (“CCPA”). However, as we reported on September 27, 2019, it turns out that they were just getting started with CCPA.  On September 25,… Read More

In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 64104, at *1-3 (C.D. Cal. Apr. 10, 2020), Judge Wright held that a data breach victim, on behalf of a putative class, did not plead enough.    The facts were as follows: On October [*2]  18, 2019, Plaintiff Sallie Holly filed her First Amended Complaint ("FAC"). (FAC,… Read More