Health Apps
Data Privacy Lawsuits


The Lyon Firm is actively involved in Personal Data Misuse Class Action Lawsuits on behalf of consumers nationwide.
Nationwide Success

Health Data Privacy Attorney

INVESTIGATING Health Apps Data Sharing & Data Misuse CLAIMS

Medical organizations and legal experts are warning that patient data-sharing with health apps could exacerbate an already growing issue with invasions of privacy.

Both the American Medical Association and the American College of Obstetricians and Gynecologists have warned regulators that people who authorize certain consumer apps to retrieve, store and distribute their health data could be inviting data misuse and data theft.

Federal data privacy protections, which limit how health providers and insurers use and share medical records, do not apply the same way to consumer health apps.

According to a study published in the British Medical Journal, which analyzed over 20,000 mobile health apps, researchers found that 88 percent of the apps contained code with the ability to collect user data.

Most health app data collection protocols involve third-party providers, and only 47 percent of data transmissions complied with the app’s privacy policies. Some health apps fail to provide any privacy policy at all.

FTC Health App Data Collection Policy

The most recent Federal Trade Commission (FTC) policy on health app data privacy underlines the importance of corporate transparency. Health app developers are required to keep consumers informed of data breach incidents or they risk stiff FTC penalties.

The FTC policy provides clarification in the area of healthcare regulatory policies. Health apps are not regulated under HIPAA even though they collect and store the same types of sensitive data as HIPAA covered entities. Health apps and wearable fitness tracking devices that collect consumers’ health information, however, are usually covered by the Health Breach Notification Rule if they are able to lift data from multiple sources.

The FTC says that while the Health Breach Notification Rule is now more than ten years old, the “explosion in health apps and connected devices makes its requirements with respect to them more important than ever.” The Health Breach Notification Rule has not been previously enforced, but the FTC’s policy statement warns that more regulation is necessary to protect consumer privacy.

Health Apps Store Consumer Data

Health App data that is regularly collected and stored may include the following:

  • Names
  • Device names
  • Locations
  • Operating system version
  • Web browsing behavior
  • Medications
  • Email addresses
  • International mobile equipment identity (IMEI)
  • Fingerprint identification on mobile phones
  • Media access control (MAC)

Consumer data may be shared with app developers, parent firms, and third-party digital ad, sales and marketing companies. Some fourth parties may also wind up with the data. Tech companies like Alphabet, Facebook, and Oracle build profiles of users and target them with ads.

For many companies, collecting health information from health app consumers is part of their underlying business model, and these companies will be expected to adhere to data breach notification policies to ensure compliance and transparency.

CONTACT THE LYON FIRM TODAY


ABOUT THE LYON FIRM

Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.

NO COST UNLESS WE WIN

The Firm offers contingency fees, advancing all costs of the litigation and accepting the full financial risk. This gives our clients full access to the legal system and reduces financial stress while they focus on their healthcare and financial needs.

Reviewing Data Theft & Data Misuse Claims

Why are Data Privacy Cases important?

Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future. 


Questions About Health App Privacy Lawsuits

What to do if you are a victim of data misuse

  1. Get confirmation of the data theft or misuse and collect as many details about the incident as possible.
  2. Contact an attorney to investigate the complex litigation involved in data privacy lawsuits.
  3. Try to find out what information was exposed and protect yourself as much as possible.
  4. Talk to an attorney before accepting any settlement direct from a company.
  5. Monitor your accounts and personal information closely.

Can I get compensation for data theft?

Yes, in most cases. Each case is different, but some recent lawsuits have proven to be quite valuable. In one data theft suit, the Ohio Attorney General and attorneys general in other states obtained a $17.5 million settlement against The Home Depot due to a data breach in 2014. The settlement resolves a multistate data breach which exposed the payment card information of approximately 40 million Home Depot consumers.

The Home Depot data breach left the company’s self-checkout point-of-sale system vulnerable. In addition to the $17.5 million settlement, The Home Depot has agreed to improve network security and maintain data security practices in order to strengthen its data security program and protect the personal information of consumers.

Who is liable for data misuse?

Under current privacy law, the firm or organization that is storing user data is responsible for data breaches and will pay any fines or damages that are the result of legal action. The actual data holder—an organization that provides cloud storage—is not usually legally implicated or held responsible in litigation.

How can I prevent data misuse?

It’s not as easy as just alerting companies to stop collecting and selling your personal information, but you can take certain steps to protect yourself, including:

  • Opt out of data collection practices if possible
  • Review your credit report
  • Use strong and different passwords for all of your accounts
  • Do not offer your personal information unless necessary
  • Check bank accounts for suspicious activity
  • Limit how exposed you are on social media
  • Speak with a cybersecurity attorney

What is BIPA?

Lawmakers established the Illinois Biometric Information Privacy Act (BIPA) in 2008 in response to growing concern over biometric data misuse. The Act seeks to help regulate the “collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.”

According to the BIPA, biometric identifiers may include:

  • Retina or iris scan
  • Fingerprint
  • Voiceprint
  • Scan of hand
  • Face geometry

The BIPA addresses the retention, collection, disclosure, and destruction of personal biometric data. Private entities collecting biometric data must inform subjects of the data collection and provide the specific purpose and the length of the collection term. The subject must provide a written release.

Under the BIPA, any person harmed by a privacy violation has a right of legal action. Plaintiffs may recover damages of $1,000, and for intentional or reckless violations, up to $5,000 in liquidated damages or actual damages, whichever is greater.

What is a Class Action Lawsuit?

A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.

Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

What are class action requirements?

In order for a case to be certified as a Class Action, the Court must determine that the case is appropriate for class action treatment under Rule 23. There are different elements depending on whether the case is seeking monetary or injunctive relief. In general, the Court must find the following elements are satisfied:

  • Numerosity: The proposed class must be so numerous that simply joining the individual plaintiffs would be impractical. Generally, the class size should exceed 100 individuals.
  • Common Questions of Law or Fact: The facts and/or legal questions in the dispute must be common to all class members. This does not mean all facts or issues must be identical, but the primary facts and law that will determine the issue in dispute must be common among all class members.
  • Typicality: The named Plaintiff in the case must have the same facts and legal issues as the class they are proposing to represent. If the Plaintiff’s individual case involves issues of fact or law that are unique to that Plaintiff and irrelevant to the ultimate issue, class certification may be denied by the Court.
  • Plaintiff/Counsel Adequately Represents the Class: The Court must find that the Plaintiff and Plaintiff’s Counsel are competent and will protect the class’ interests.
  • Predominance: Common questions of fact predominate over individual facts.
  • Superiority: The Class Action is a more efficient and fair means of resolving the dispute. The Court will look at the following factors when making this determination: (1) Class Member interest in maintaining a separate action; (2) the extent of any litigation already begun by other class members; (3) desirability or undesirability of litigating the case in a particular Court; (4) difficulties in managing the class.

When Should I contact The Lyon Firm?

Protecting sensitive personal information is getting more and more difficult, but that doesn’t mean it’s not possible. By forcing companies to become accountable for their lack of cybersecurity measures following data misuse and data breach incidents, consumers will have a more secure future.

Large companies control vast amounts of data, leaving nearly all Americans at risk when their personal data is compromised. If your financial, medical, or consumer information is misused, you may file a data privacy violation claim.

What are some examples of data privacy lawsuits?

The majority of BIPA lawsuits are filed against employers who utilize biometric timekeeping systems with fingerprint or facial recognition scans, and collect the employee biometric data.

Motorola, Clearview AI and Vigilant are facing legal action for allegedly collecting mugshots that were used by law enforcement. Microsoft, Amazon, Alphabet, and FaceFirst Inc. are alleged to have violated privacy laws by collecting photos for facial recognition data from the website Flickr.

A proposed class action alleges Ring, LLC has failed to protect the privacy of its motion-activated cameras and the personal information of its customers. The complaint alleges Ring’s devices are rife with security vulnerabilities, which may compromise the personal data of existing and future customers.

Cyber criminals may have the potential to hack into Ring devices and home networks. The lawsuit also brings to light the fact that Ring has shared users’ personal identifying information with third parties without first obtaining prior consent. The complaint says the devices are not well-equipped to deal with potential hacks.

Plaintiffs in the case want Ring to take additional security measures to protect the privacy of user accounts and installed devices, as well as stop sharing personal data without clear and informed consent.

Reports have surfaced that several user accounts and devices were hacked, and plaintiffs argue the company was late in addressing security issues.

Beyond the security issues, Ring permits third parties to track users, raising eyebrows from consumer safety and data privacy advocates.

 

Your Right to Justice

Learn About the Legal Process

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if the proper legal course is not followed. The Lyon Firm is dedicated to helping injured plaintiffs work toward a financial solution to assist in compensating for medical expenses or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement. The current legal environment is favorable for consumers involved in data breach class actions, deceptive marketing lawsuits, TCPA telemarketing claims, and financial negligence claims.


© 2020 The Lyon Firm. ALL RIGHTS RESERVED