As privacy litigation under older laws has exploded, some have called for amending decades-old statutes often at the center of lawsuits so that they aren't applied to modern technologies. The California Invasion of Privacy Act (CIPA) in particular has been subject to more scrutiny as litigation has increased (see 2503030050).
A July data breach of Allianz Life Insurance Co. of North America precipitated a flurry of lawsuits alleging inadequate safety procedures. The company said the data breach exposed the personal information of most of its 1.4 million U.S. customers and stakeholders.
Bitcoin Depot failed to adequately protect the personally identifiable information (PII) of more than 26,000 individuals, which was then exposed in a data breach, a class-action complaint alleged Friday in the U.S. District Court for Northern Georgia. Lead plaintiff Quincey Hall's lawsuit alleges negligence, invasion of privacy, breach of implied contract and violations of the Georgia Uniform Deceptive Trade Practices Act, among other claims.
Illinois renewed its request for a federal court to dismiss a DOJ workplace privacy suit Monday. The state argued that DOJ didn't prove how federal law preempts elements of the state's Right to Privacy in the Workplace Act (Privacy Act).
A federal court sided with education technology platform Instructure and ruled that a case against it failed to plausibly allege specific facts about the taking or use of data. The U.S. District Court for Central California dismissed case 25-02711.
The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.
In another attempt to support the state's 2023 social media safety law, Arkansas AG Tim Griffin (R) asked the 8th U.S. Circuit Court of Appeals on Thursday to toss a district court ruling that blocked the measure.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.