A July data breach of Allianz Life Insurance Co. of North America precipitated a flurry of lawsuits alleging inadequate safety procedures. The company said the data breach exposed the personal information of most of its 1.4 million U.S. customers and stakeholders.
Bitcoin Depot failed to adequately protect the personally identifiable information (PII) of more than 26,000 individuals, which was then exposed in a data breach, a class-action complaint alleged Friday in the U.S. District Court for Northern Georgia. Lead plaintiff Quincey Hall's lawsuit alleges negligence, invasion of privacy, breach of implied contract and violations of the Georgia Uniform Deceptive Trade Practices Act, among other claims.
Illinois renewed its request for a federal court to dismiss a DOJ workplace privacy suit Monday. The state argued that DOJ didn't prove how federal law preempts elements of the state's Right to Privacy in the Workplace Act (Privacy Act).
A federal court sided with education technology platform Instructure and ruled that a case against it failed to plausibly allege specific facts about the taking or use of data. The U.S. District Court for Central California dismissed case 25-02711.
The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.
In another attempt to support the state's 2023 social media safety law, Arkansas AG Tim Griffin (R) asked the 8th U.S. Circuit Court of Appeals on Thursday to toss a district court ruling that blocked the measure.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
A bipartisan group of nearly 30 state attorneys general voluntarily dropped a lawsuit challenging the sale of 23andMe and its genetic data on Wednesday, saying "the issues raised in this adversary complaint are rendered moot." The biotechnology company was officially sold to nonprofit TTAM Research Institute on July 11 (see 2507150083).