Software marketing firm Cierant Corporation failed to safeguard customers' personally identifiable information (PII) and protected health information (PHI), which allowed their exposure in a 2024 breach, alleged a class-action lawsuit filed Thursday. Plaintiff Melissa Gifford brought the suit in the U.S. District Court for Connecticut on behalf of her minor child, whose health information was leaked.
California and Maryland parents on Monday appealed a child privacy case against an education technology platform to the 9th U.S. Circuit Court of Appeals. The U.S. District Court for Central California ruled in favor of Instructure earlier this month, saying the parents failed to plausibly allege specific facts about the taking or use of data (see 2508050033).
The breach and subsequent lawsuit against a winemaker that allegedly compromised the data of 26,000 customers "underscores the vulnerability of companies handling sensitive customer information," McDermott Will lawyers said in a blog post Thursday.
While recent court decisions have added to a circuit split on the Video Privacy Protection Act (VPPA) of 1988 (see 2508190026), some have also introduced notable interpretations of how the statute should apply, privacy lawyers said in interviews with Privacy Daily.
By the second day of a whirlwind special session in Colorado, state legislators had halved the number of proposals to amend the Colorado AI Act to two. On Thursday, House and Senate Business committees approved a variety of amendments to a pair of leading AI proposals before advancing them to each chamber’s Appropriations Committee.
A federal court dismissed a case against several data brokers accused of violating West Virginia's Daniel's Law. Judge Michael Urbanski ruled the 2021 statutory provision the plaintiff relied on -- which allows certain public servants to request data brokers delete their personal information from their public websites -- is unconstitutional.
An online transcription service that records users during meetings and interviews also utilizes these voice recordings and other data to train its AI models without consent, alleges a class-action lawsuit filed last week in the U.S. District Court for Northern California against Otter.ai.
Femtech offers groundbreaking innovations in women's health but also poses serious privacy threats, data protection lawyers said. Even the EU, with its General Data Protection Regulation and AI Act, and the U.K., with its version of the GDPR, may not always provide adequate protection for the highly sensitive personal data that femtech apps collect and use, they added.
Law firm Kelley Drye failed to properly train employees on cybersecurity or maintain reasonable security safeguards, which allowed a data breach impacting thousands of customers' personal information to be leaked, a class-action lawsuit filed Tuesday in New York state court alleged. Additionally, plaintiff Ratna Kanhai claims Kelley Drye didn't report the breach promptly, and the eventual notification was intentionally confusing.
A federal judge on Thursday allowed a group of parents to file an appeal instead of an amended complaint in a previously dismissed child privacy case against an education technology platform. The court released a final judgment one day after the plaintiffs made the request at the U.S. District Court for Central California.