Proskauer Rose

Subscribe to Proskauer Rose's Posts
Contact:Read more about Proskauer Rose

On Monday, the Court of Appeal, Second Appellate District upheld the validity of California’s “security freeze” law, section 1785.11.2 of the California Civil Code, but nonetheless enjoined under the First Amendment its application to the U.D. Registry (“U.D.”), a provider of credit reports drawn in material part from public records.  U.D. Registry, Inc. v. State of California, B179653 & B186012 (October 30, 2006).

California’s Security Freeze Law

Section 1785.11.2, authored by Senator Debra Bowen, was enacted to enhance protection of consumers from identity theft by allowing them to place fraud alerts on their credit reports and to prevent or control the release of those reports, and by prohibiting specified government and business uses of social security numbers.

The security freeze law provides, among other things, that “[a] consumer may elect to place a security freeze on his or her credit report by making a request in writing by certified mail to a consumer credit reporting agency.”  If such a security freeze is in place, “information from a consumer’s credit report may not be released to a third party without prior express authorization from the consumer.”  A consumer credit reporting agency has five business days to place a freeze on a credit report after receiving a written request.

Section 1785.11.2 was intended in part to shift some of the identity theft burden from consumers to credit reporting agencies.  Also of concern to California lawmakers, as noted by the U.D. Registry court, was “a consumer’s right to control the use of his or her personal and financial information.”

Welcome to the LACBA California Privacy Law blog. This blog will provide a forum for summary and discussion of recent developments in California privacy law. California was the first state in the nation to require operators of commercial websites or online services to post privacy policies, and was the first state to pass legislation requiring notification to customers for security breaches of personal information. California continues to pioneer new legislation and policy to address growing concerns regarding individual privacy rights in the information age. The last few weeks have seen the usual flurry of activity on the privacy front in California.[1]
 

Recent California Privacy Law Developments

In the wake of the Hewlett-Packard pretexting revelations, Attorney General Bill Lockyer filed criminal fraud and conspiracy charges in Santa Clara County against former HP chairman Patricia Dunn and four others.  Also, Governor Schwarzenegger signed a bill (S.B. 202), effective January 1, 2007, prohibiting the sale or purchase of a consumer’s phone records without the consumer’s written consent and the practice of obtaining such records by fraud or deceit.

In the same time period, the California Supreme Court refused to reconsider or modify its ruling in Kearney v. Salomon Smith Barney, Inc., 39 Cal.4th 95 (2006), which held that out-of-state companies are subject to California law requiring two-party consent for the recording of telephone conversations made to or received from California.  For more on Kearney, click here.