On June 26, 2008, in Absher v. Autozone, Inc. et al. (2008), the California Court of Appeal in the Second Appellate District, confirmed that California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08 (hereinafter, the “Act”) does not apply to a refund for the return of merchandise purchased by credit card.
The June 18, 2008 Ninth Circuit panel decision in Quon et al. v. Arch Wireless et al., No. 07-55282 (9th Cir. June 18, 2008) has sparked a flurry of news reports and speculation regarding employers’ ability to monitor employees’ e-mails and text messages. In fact, the decision appears to change very little for private employers who wish to review employee communications stored on, or sent through, their own servers and computers. However, Quon does limit employers’ ability to request from third-party providers the contents of employees’ electronic communications.
Continue Reading...On May 22, 2008, the California Court of Appeal narrowed the scope of claims available under California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08, ruling that the statute is subject to the one-year statute of limitations of Code of Civil Procedure section 340 and does not apply to merchandise returns.
Continue Reading...On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach. Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico).
Continue Reading...Virginia, West Virginia, and South Carolina are the latest states to pass data breach notification laws, bringing to 42 the total number of states with such laws on the books (including the one state with a law that applies only to public entities, Oklahoma). Listed below are the 41 states with laws that apply to private entities (plus the District of Columbia and Puerto Rico).
Continue Reading...Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of state legislative activity to regulate privacy and data security and expand requirements beyond the current data breach notification and data security laws that many states have enacted in recent years. To date, Minnesota is the only state to enact such legislation, which was signed into law by its Governor on May 21, 2007.
Continue Reading...On April 9, 2007, the California Court of Appeal, Second Appellate District, affirmed a ruling of the Los Angeles Superior Court permitting the disclosure to counsel for a putative class of the names, addresses, and telephone numbers of the defendant’s current and former employees unless, following proper opt-out notice, they objected in writing to the disclosure. Belaire-West Landscape, Inc. v. Superior Court, B194844 (April 9, 2007). The Belaire-West court applied the reasoning of the California Supreme Court's recent decision in Pioneer Electronics (USA), Inc. v. Superior Court, 40 Cal.4th 360 (2007) (discussed in our January 30 post) to employee data to hold that requiring current and former employees to object to disclosure of their identities and contact information “present[ed] no serious invasion of their privacy interests.”
Continue Reading...Under legislation recently proposed in California, retailers doing business in the state would be subject to enhanced data destruction requirements, and all businesses would be affected by new data breach notification requirements. In the wake of the TJX Companies data breach, which may have affected more than 46.2 million credit and debit cards, California Assemblyman Dave Jones introduced revised A.B. 779. That legislation reiterates that retailers are subject to the same data safeguard requirements as other businesses that maintain customer records or own or license personal information, while significantly truncating the period of time retailers may retain personal information of customers. The bill also would revise the data breach notification laws applicable to all businesses that own or license personal information.
The new year brings with it many new California privacy laws. Included are the following:
S.B. 202 – Telephone Record Pretexting
As previously reported, S.B. 202 amends Penal Code § 638 to prohibit the purchase or sale of any telephone pattern record or list without the written consent of the subscriber.
A.B. 424 – Identity Theft: Personal Information
A.B. 424 expands the definition of identity theft victim, for purposes of Penal Code §§ 530.5, 530.6 and 530.8, to include firms, associations, organizations, partnerships, businesses, trusts, companies, corporations, limited liability companies or public entities.
A.B. 618 – Financial Crime
Upon request from law enforcement agencies, banks, credit unions and savings associations must provide surveillance photos and videos of anyone accessing the financial account of a crime victim, whether such access occurred at an ATM or inside the financial institution. Government Code § 7480.
A.B. 2043 – Identity Theft and Debt Collection
This law amends Civil Code §§ 1788.2 and 1788.18 to extend to firms, associations, organizations, partnerships, business trusts, companies, corporations, and limited liability companies protections previously available to consumers to contest debts where they are victims of identity theft.
A.B. 2886 – Identity Theft Penalties
This law amends Penal Code §§ 530.5 and 530.55 to define new crimes, enhance penalties and create court procedures concerning crimes of identity theft, including: 1) penalty enhancements for repeat offenders and for those stealing the identities of ten or more people; 2) a requirement that court records reflect that the person whose identity was stolen was not responsible for the crime committed; 3) penalties for selling, transferring or conveying personal information with the knowledge that it will be used to commit identity theft or with the intent to defraud; 4) state penalty for mail theft and 5) the addition of professional or occupational number to the definition of "personal identifying information."
Continue Reading...Enter keywords:
