On September 30, 2014, California took further steps to protect the personal information of its residents by amending several sections of its breach notification and information security laws (Cal. Civ. Code §§ 1798.81.5, 1798.82 and 1798.85). The amended law, which is effective January 1, 2015, updates existing law in three significant ways: Under current law,… Continue Reading
A substantial rise in schools’ use of online educational technology products has caused educators to become increasingly reliant on these products to develop their curricula, deliver materials to students in real time, and monitor students’ progress and learning habits through the collection of data by third-party cloud computing service providers. Unfortunately, with these advances come… Continue Reading
Last month, a federal district court in the Northern District of California issued an order that may affect the policies of any company that records telephone conversations with consumers. The trouble began when plaintiff John Lofton began receiving calls from Collecto, Verizon’s third-party collections agency, on his cell phone. The calls were made in error… Continue Reading
On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82). Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question… Continue Reading
Law Targets Sites and Mobile Apps Directed to Minors, Offers “Online Eraser” Likely to Have Nationwide Effect On July 1st of this year, new amendments to the Children’s Online Privacy Protection Act Rule (COPPA Rule) came into effect, with perhaps the most pronounced changes being the expansion of COPPA to apply to geolocation… Continue Reading
On June 20, 2013, the California Court of Appeal affirmed the dismissal of a putative class action which alleged that Chevron violated California’s Song-Beverly Credit Card Act (“Song-Beverly”) by requiring California customers to enter ZIP codes in pay-at-the-pump gas station transactions in locations with a high risk of fraud. Flores v. Chevron U.S.A. Inc., No…. Continue Reading
As a growing number of states pass legislation which will protect individuals’ social media accounts from employer scrutiny, they have encountered a surprising adversary – FINRA and other securities regulators. To date, at least six states have enacted social media employee privacy laws (which were blogged about here, here, here, and here) and upwards of… Continue Reading
California Assembly Member, Bonnie Lowenthal, recently introduced the “Right to Know Act of 2013″ (AB 1291), which would require any company that retains a California resident’s personal information to provide a copy of that information to that person, free of charge, within 30 days of the request. The company would also have to disclose a… Continue Reading
The California Supreme Court held on February 4, 2013 that the provision of the Song-Beverly Credit Card Act of 1971 (the “Act”) prohibiting retailers from requesting personally identifying information as a condition to processing credit card transactions does not apply to online purchases of electronically downloadable items. (Apple v. Super. Ct., S199384, Case No. B238097.)… Continue Reading
Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers. With… Continue Reading
California Governor Jerry Brown has signed a new law protecting employee use of social media by prohibiting an employer from requiring or requesting an employee or applicant for employment to disclose a username or password for the purpose of accessing the employee’s personal social media.
A California District Court has dismissed with prejudice a class action lawsuit filed against LinkedIn on behalf of its registered users, finding the allegations too speculative to sustain a lawsuit. An earlier Complaint filed by one of the representative Plaintiffs was dismissed by the Court without prejudice, allowing the Plaintiff to amend the Complaint and bring… Continue Reading
California’s Attorney General Kamala Harris announced last week the creation of a new Privacy Enforcement and Protection Unit, including six prosecutors, in the state’s Department of Justice. This new unit intends to protect consumer and individual privacy through prosecution of state and federal privacy laws.
On July 3, 2012, Orange County Superior Court Judge Nancy Wieben Stock issued a ruling dismissing a California “Shine the Light” consumer protection law case without leave to amend, making it the first “Shine the Light” case to come to a final decision in a trial court. Judge Stock dismissed the case against XO Group Inc…. Continue Reading
There have been a number of class action lawsuits recently filed in California state courts against businesses for allegedly violating California’s Shine the Light privacy law.
On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 (“SB 24″). SB 24’s specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state’s attorney general if more than 500 people are affected by a breach. SB 24 won’t add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California.
Yesterday, the California Supreme Court held that ZIP codes are “personal identification information” within the meaning of the state’s Song Beverly Credit Card Act. The court’s decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make brick-and-mortar purchases using a credit card and essentially reverses the Court of Appeal’s decision in Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008). In addition to some heated debate, the Pineda decision is likely to generate a healthy number of lawsuits against California retailers.
Insurance broker-agents in California no longer are required to send customers annual privacy notice forms permitting them to opt-out of information sharing. Insurance broker-agents thus may now use customers’ nonpublic personal information to shop around for better policies at renewal. On November 4, 2010, California’s Office of Administrative Law repealed California Code of Regulations(C.C.R.) §… Continue Reading
On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not “personal identification information” under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the “Act.”). The Act prohibits a retailer… Continue Reading
On June 26, 2008, in Absher v. Autozone, Inc. et al. (2008), the California Court of Appeal in the Second Appellate District, confirmed that California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08 (hereinafter, the “Act”) does not apply to a refund for the return of merchandise purchased by credit card…. Continue Reading
The June 18, 2008 Ninth Circuit panel decision in Quon et al. v. Arch Wireless et al., No. 07-55282 (9th Cir. June 18, 2008) has sparked a flurry of news reports and speculation regarding employers’ ability to monitor employees’ e-mails and text messages. In fact, the decision appears to change very little for private employers who… Continue Reading
On May 22, 2008, the California Court of Appeal narrowed the scope of claims available under California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08, ruling that the statute is subject to the one-year statute of limitations of Code of Civil Procedure section 340 and does not apply to merchandise returns.
The new year brings with it many new California privacy laws. Included are the following: S.B. 202 – Telephone Record Pretexting As previously reported, S.B. 202 amends Penal Code § 638 to prohibit the purchase or sale of any telephone pattern record or list without the written consent of the subscriber. A.B. 424 – Identity… Continue Reading