Archives: Weekly Privacy Rewind

Subscribe to Weekly Privacy Rewind RSS Feed

The Weekly Privacy Rewind

California Consumer Protection Act Privacy Groups Urge California Lawmakers Not to Weaken California Consumer Privacy Act • A variety of privacy groups, including the Electronic Frontier Foundation, the Digital Privacy Alliance and the Center for Digital Democracy, sent a letter to California lawmakers asking them not to “push[] California backward” when it comes to privacy … Continue Reading

The Weekly Privacy Rewind

GDPR European Regulators Fine Uber Over 2016 Data Breach • British and Dutch privacy regulators issued fines totaling approximately $1.2 million against ride-hailing company Uber over its 2016 data breach. • According to the U.K.’s Information Commissioner’s Office, “a series of avoidable data security flaws” led to the exposure of personal information of approximately 2.7 … Continue Reading

The Weekly Privacy Rewind

Class Actions Pennsylvania Supreme Court Declares Employers Have Affirmative Duty to Protect Employee Personal Information • According to a recent opinion by the Pennsylvania Supreme Court, “an employer has a legal duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored by the employer on an internet-accessible computer system.” • The putative … Continue Reading

The Weekly Privacy Rewind

Class Actions Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit • Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data breach, plaintiffs are seeking consolidation of those suits, class certification and a $4.3 million settlement. • The settlement would … Continue Reading

The Weekly Privacy Rewind

BIPA Medline and Con Tech Lighting Latest Illinois Employers Hit With Claims under BIPA • Two Illinois employers, Con Tech Lighting and Medline Industries, are the latest to face claims alleging violations of Illinois’ Biometric Information Privacy Act. • In the Con Tech complaint, the named plaintiff, who is seeking class certification, alleges that she … Continue Reading

The Weekly Privacy Rewind

Class Actions Judge Approves $80M Settlement in Yahoo Data Breach Suit • U.S. District Judge Lucy Koh awarded plaintiffs $80 million in a consolidated class action brought against Yahoo by shareholders resulting from data breaches Yahoo experienced in 2014 and 2016. • According to the suit, Yahoo’s stock was trading at an artificially high price … Continue Reading

The Weekly Privacy Rewind

Class Actions Hotel Investment and Management Firm Aimbridge Hospitality LLC Removes Putative Class Action to Federal Court • Hospitality company Aimbridge Hospitality LLC (Aimbridge) removed a putative class action lawsuit by a former laundry attendant that alleged that her personal information was exposed in a March 2018 data breach. The complaint alleged that the putative … Continue Reading

The Weekly Privacy Rewind

Class Actions San Francisco Transit Agency Seeks Approval of Class Action Settlement • Bay Area Rapid Transit (BART) sought preliminary approval of a class action settlement to resolve claims that the transit agency’s mobile app secretly collected various information about its users, including mobile device ID number and location, even when users are not reporting … Continue Reading

The Weekly Privacy Rewind

Biometric Information Privacy Act AGCO Corp., Ceridian HMC Inc. and Hegewisch Development Corp. Latest Employers to Face Allegations of BIPA Violations • Lawsuits against employers for alleged violations of Illinois’ Biometric Information Privacy Act (BIPA) show no signs of slowing, with three more employers, AGCO Corp., Ceridian HCM Inc. and Hegewisch Development Corp., all facing … Continue Reading

The Weekly Privacy Rewind

Data Breaches Comcast’s Xfinity Service Potentially Exposes Addresses and Partial SSNs of More Than 26.5 Million Customers • According to security researcher Ryan Stevenson, alleged vulnerabilities in the system Comcast Xfinity uses to verify users’ identities could have allowed an attacker to learn those users’ home addresses and partial Social Security numbers. • After being … Continue Reading

The Weekly Privacy Rewind

Federal Trade Commission Federal Trade Commission Asks for Ability to Fine Companies for Privacy Violations • Speaking before the U.S. House of Representatives’ Subcommittee on Digital Commerce and Consumer Protection, the commissioners of the Federal Trade Commission (FTC or Commission) said Congress needs to pass new laws to allow the FTC to fine companies that … Continue Reading

The Weekly Privacy Rewind

Class Actions Macy’s Faces Suit After Disclosing Data Breach • Retail giant Macy’s notified its customers and state regulators of a data breach affecting the accounts of online shoppers. The breach occurred between April 26 and June 12, 2018. • Only two days after receiving notice, online Macy’s shoppers filed a putative class action complaint … Continue Reading

The Weekly Privacy Rewind

Class Actions Finkly & Sons Co. Faces Illinois Biometric Information Privacy Act Class Action • A former employee of steelmaker A. Finkly & Sons Co. filed a putative class action against the company in Cook County, Illinois, for violations of the Illinois Biometric Information Privacy Act (BIPA). • The case alleges the company violated BIPA … Continue Reading

The Weekly Privacy Rewind

Class Actions Facebook Users BIPA Suit to Go Forward • Denying cross-motions for summary judgment, the U.S. District Court for the Northern District of California ruled that the class action against Facebook for violating Illinois’ Biometric Information Privacy Act (BIPA) will proceed to trial. • According to the Court, the “voluminous submissions underscore the multitude … Continue Reading

The Weekly Privacy Rewind

Class Actions Liquor Store Chain Binny’s Is Latest Target of BIPA • In a putative class action complaint filed in Cook County Circuit Court, employees of Illinois liquor store chain Binny’s Beverage Depot alleged the company violates Illinois’ Biometric Information Privacy Act. • Among Binny’s alleged BIPA violations are failing to obtain consent before using … Continue Reading

The Weekly Privacy Rewind

Class Actions Google Seeks Dismissal of BIPA Class Action • Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA). • According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the … Continue Reading

The Weekly Privacy Rewind

Data Breaches Portable Oxygen Device Maker Inogen Announces Data Breach • Inogen Inc., which makes portable oxygen devices, reported to the U.S. Securities and Exchange Commission that it experienced a data breach that involved approximately 30,000 current and former customers. • According to the company’s Form 8-K, sometime between Jan. 2 and March 14, unauthorized … Continue Reading

The Weekly Privacy Rewind

Class Actions Uber Data Breach Suits Consolidated in California • The U.S. Judicial Panel on Multidistrict Litigation has settled on the U.S. District Court for the Central District of California in which to centralize the class actions arising from the data breach that Uber announced in November 2017, involving the personal information of approximately 57 … Continue Reading

The Weekly Privacy Rewind

Canada Data Breach Notification Provisions of PIPEDA Act Go Into Effect Nov. 1, 2018 • Pursuant to a March 26, 2018 Order in Council, the mandatory breach notification provisions of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) will become effective on November 1, 2018. • Under the provisions, organizations must notify affected individuals … Continue Reading

The Weekly Privacy Rewind

EU/GDPR GDPR a ‘Learning Curve’ According to CNIL Head Falque-Pierrotin • Speaking at the Global Privacy Summit of the International Association of Privacy Professionals (IAPP), Commission Nationale de l’Informatique et des Libertés (CNIL) president Isabelle Falque-Pierrotin described GDPR compliance as a “learning curve” for everyone involved, including the regulators. • Stating that the role of … Continue Reading

The Weekly Privacy Rewind

Australia Global Shipping Company Svitzer Announces First Data Breach Under Australian Data Breach Notification Laws • Global shipping company Svitzer has the dubious distinction of being the first company to provide notice under Australia’s new data breach notification law, notifying the Office of the Australian Information Commissioner (the OAIC) and almost 500 Australian employees of … Continue Reading

The Weekly Privacy Rewind

Class Actions Facebook Cannot Evade Suit Under Illinois’ Biometric Information Privacy Act Even Where No Proof of Harm • In separate rulings handed down last week in the Northern District of California, the court refused to dismiss a case against Facebook under Illinois’ Biometric Information Privacy Act (BIPA) on Article III standing grounds. • According … Continue Reading
LexBlog