In Case You Missed It: Court certifies class in suit against Apple. On July 15, 2016, U.S. District Judge Jon S. Tigar certified a class of users of the mobile app Path, who allege that Apple facilitated the app’s access their contacts without their knowledge. In the same decision, Judge Tigar denied certification to a proposed class of consumers who downloaded the app, but never had their contacts uploaded. Apple and Path are just two defendants named in a consolidated suit relating to questions concerning whether Apple’s mobile operating system, iOS, unlawfully uploads and disseminates users’ personal information (e.g., address books), without their knowledge or consent. Other defendants include Instagram, Yelp, Twitter, and Facebook. All of the app developers are accused of invading users’ privacy; Apple faces the additional allegation of failing to properly safeguard its devices to warn customers of the possible privacy intrusions they face upon downloading the apps.
News of Note: Oregon Health & Science University Settles Data Breach Action Brought by U.S. Department of Health and Human Services for $2.7 million. The resolution came after the Office of Civil Rights division of U.S. HHS entered its third year of investigating two data breaches that affected more than 7,000 patients. Both breaches took place in 2013. The first breach related to the theft of an unencrypted laptop containing the personal information of 4,022 patients. The second involved employees storing the information of 3,044 patients via a cloud-based storage system.
Practice Tip: Take Advantage of Free Resources and Guides Available from the Federal Trade Commission. Evaluating your company’s practices doesn’t have to be a start-from-scratch process. The FTC has a to-the-point publication, Protecting Personal Information: A Guide for Business, with practical tips on securing sensitive data. Watch a 20-minute online tutorial that outlines the basics. While not a substitute for consulting experienced counsel, the FTC’s resources on Information Compromise and the Risk of Identity Theft also include basic steps to consider if your company has experienced a data breach.