Header graphic for print
Privacy Law Blog

Category Archives: California

Subscribe to California RSS Feed

California Breaks New Ground in Education Privacy Law with K-12 Student Data Privacy Bill

Posted in California, Children's Online Privacy Protection Act, Cloud Computing, Data Privacy Laws

A substantial rise in schools’ use of online educational technology products has caused educators to become increasingly reliant on these products to develop their curricula, deliver materials to students in real time, and monitor students’ progress and learning habits through the collection of data by third-party cloud computing service providers.  Unfortunately, with these advances come… Continue Reading

Court Holds That Prior Notice is Required to Record Cell Phone Conversations

Posted in California, Invasion of Privacy, Mobile Privacy

Last month, a federal district court in the Northern District of California issued an order that may affect the policies of any company that records telephone conversations with consumers. The trouble began when plaintiff John Lofton began receiving calls from Collecto, Verizon’s third-party collections agency, on his cell phone.  The calls were made in error… Continue Reading

California Amends Data Breach Notification Law

Posted in California, Data Privacy Laws

On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82).  Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question… Continue Reading

New California Law Impacts Use of Information from Minors, Offers Right to Delete

Posted in California, Legislation, Online Privacy

Law Targets Sites and Mobile Apps Directed to Minors, Offers “Online Eraser”      Likely to Have Nationwide Effect On July 1st of this year, new amendments to the Children’s Online Privacy Protection Act Rule (COPPA Rule) came into effect, with perhaps the most pronounced changes being the expansion of COPPA to apply to geolocation… Continue Reading

California Court of Appeal Says Chevron Can Collect ZIP Code Information for Pay-at-the-Pump Transactions

Posted in California, Data Privacy Laws, Identity Theft, Privacy Litigation

On June 20, 2013, the California Court of Appeal affirmed the dismissal of a putative class action which alleged that Chevron violated California’s Song-Beverly Credit Card Act (“Song-Beverly”) by requiring California customers to enter ZIP codes in pay-at-the-pump gas station transactions in locations with a high risk of fraud. Flores v. Chevron U.S.A. Inc., No…. Continue Reading

Protecting Privacy or Enabling Fraud? Employee Social Media Password Protection Laws May Clash with FINRA Rules

Posted in California, Online Privacy, Workplace Privacy

As a growing number of states pass legislation which will protect individuals’ social media accounts from employer scrutiny, they have encountered a surprising adversary – FINRA and other securities regulators. To date, at least six states have enacted social media employee privacy laws (which were blogged about here, here, here, and here) and upwards of… Continue Reading

Shine the Light a Little Brighter – Changes Resulting in Increased Customer Access Proposed to California’s “Shine the Light” Act

Posted in California, Data Privacy Laws, Online Privacy

California Assembly Member, Bonnie Lowenthal, recently introduced the “Right to Know Act of 2013″ (AB 1291), which would require any company that retains a  California resident’s personal information to provide a copy of that information to that person, free of charge, within 30 days of the request. The company would also have to disclose a… Continue Reading

California Supreme Court Holds Online Retailers of Downloadable Products May Require Personally Identifying Information For Credit Card Transactions

Posted in California, Data Privacy Laws, Financial Privacy, Online Privacy

The California Supreme Court held on February 4, 2013 that the provision of the Song-Beverly Credit Card Act of 1971 (the “Act”) prohibiting retailers from requesting personally identifying information as a condition to processing credit card transactions does not apply to online purchases of electronically downloadable items. (Apple v. Super. Ct., S199384, Case No. B238097,… Continue Reading

California Attorney General Issues Recommendations for Mobile Ecosystem Stakeholders

Posted in California, Mobile Privacy

Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers.  With… Continue Reading

California District Court Dismisses Privacy Class Action Lawsuit Against LinkedIn

Posted in California, Invasion of Privacy, Online Privacy

A California District Court has dismissed with prejudice a class action lawsuit filed against LinkedIn on behalf of its registered users, finding the allegations too speculative to sustain a lawsuit. An earlier Complaint filed by one of the representative Plaintiffs was dismissed by the Court without prejudice, allowing the Plaintiff to amend the Complaint and bring… Continue Reading

Court Shines Light on California Data-Sharing Law: Proskauer Litigators Obtain Dismissal

Posted in California

On July 3, 2012, Orange County Superior Court Judge Nancy Wieben Stock issued a ruling dismissing a California “Shine the Light” consumer protection law case without leave to amend, making it the first “Shine the Light” case to come to a final decision in a trial court. Judge Stock dismissed the case against XO Group Inc…. Continue Reading

Veto, Veto, Pass! New Governor Means New Breach Notification Law in California

Posted in California, Security Breach Notification Laws

On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 (“SB 24″). SB 24′s specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state’s attorney general if more than 500 people are affected by a breach. SB 24 won’t add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California.

90210 Gets Personal: California Supreme Court Rules that ZIP Codes are “Personal Identification Information”

Posted in California

Yesterday, the California Supreme Court held that ZIP codes are “personal identification information” within the meaning of the state’s Song Beverly Credit Card Act. The court’s decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make brick-and-mortar purchases using a credit card and essentially reverses the Court of Appeal’s decision in Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008). In addition to some heated debate, the Pineda decision is likely to generate a healthy number of lawsuits against California retailers.

CA Insurance Brokers No Longer Required To Send Opt-Out Notices Prior To Policy Shopping At Renewal

Posted in California

Insurance broker-agents in California no longer are required to send customers annual privacy notice forms permitting them to opt-out of information sharing.  Insurance broker-agents thus may now use customers’ nonpublic personal information to shop around for better policies at renewal. On November 4, 2010, California’s Office of Administrative Law repealed California Code of Regulations(C.C.R.) §… Continue Reading

Zip Codes not “Personal Identification Information” under California’s Song-Beverly Act

Posted in California

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not "personal identification information" under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the "Act."). The Act prohibits a retailer… Continue Reading

New Year, New Laws

Posted in California

The new year brings with it many new California privacy laws. Included are the following: S.B. 202 – Telephone Record Pretexting As previously reported, S.B. 202 amends Penal Code § 638 to prohibit the purchase or sale of any telephone pattern record or list without the written consent of the subscriber. A.B. 424 – Identity… Continue Reading