The average American today generates more media than they did at any other point in history, and the ease with which our communications, photos, and videos are sent and stored digitally means most of us have more media stored in the cloud or on a single digital device than previous generations would have created in … Continue Reading
On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82). Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question … Continue Reading
As a growing number of states pass legislation which will protect individuals’ social media accounts from employer scrutiny, they have encountered a surprising adversary – FINRA and other securities regulators. To date, at least six states have enacted social media employee privacy laws (which were blogged about here, here, here, and here) and upwards of … Continue Reading
Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers. With … Continue Reading
California Governor Jerry Brown has signed a new law protecting employee use of social media by prohibiting an employer from requiring or requesting an employee or applicant for employment to disclose a username or password for the purpose of accessing the employee’s personal social media.… Continue Reading
Earlier this year in United States v. Jones, the United State Supreme Court addressed the privacy implications of Global Positioning Systems (“GPS”), holding that placing a GPS tracking device on a suspect’s car was a “search” under the Fourth Amendment. Though a growing number of employers are using GPS systems to track employee activity on the … Continue Reading
The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage. That data would then be sent to utilities through a wireless communications network. In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be … Continue Reading
On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 ("SB 24"). SB 24's specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state's attorney general if more than 500 people are affected by a breach. SB 24 won't add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California.
… Continue Reading
Yesterday, the California Supreme Court held that ZIP codes are "personal identification information" within the meaning of the state's Song Beverly Credit Card Act. The court's decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make brick-and-mortar purchases using a credit card and essentially reverses the Court of Appeal's decision in Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008). In addition to some heated debate, the Pineda decision is likely to generate a healthy number of lawsuits against California retailers.
… Continue Reading
On Monday, the California Supreme Court ruled that the Fourth Amendment to the United States Constitution did not prohibit a deputy sheriff from conducting a warrantless, post-arrest search of the text messages of an arrestee. Specifically, the Court affirmed the decision of the Court of Appeal that the cell phone was “immediately associated with [defendant’s] person … Continue Reading
Facebook's new policy includes a bullet point summary of key points at the beginning of the policy followed by section headings that allow users to jump to particular areas of the policy. Complex legal terms have been replaced throughout the policy by more basic language, with hyperlinks to pages containing more detail on key terms or issues.
… Continue Reading
There is an inherent tension between an employee's right to privacy and an employer's right -- and obligation -- to maintain a safe, productive, and hostility free environment at the office.
… Continue Reading
In Hernandez v. Hillsides, Inc., S147552 (Aug. 3, 2009), the California Supreme Court unanimously held that the mere placement of a hidden video camera in an employee's office could constitute an invasion of privacy, even if the camera was never actually used to record the employee. Under the specific facts of the case, however, the Court ultimately found no liability because the intrusion was relatively minor, limited and justified, but California employers should be aware that the use of hidden surveillance cameras without notice or warning in "semi-private" office space is likely to produce an actionable claim for invasion of privacy in many cases.
… Continue Reading
On Monday, the Northern District of California granted Gap, Inc.'s Motion for Summary Judgment in Ruiz v. Gap, Inc., et al., Case No. 07-5739 SC, holding that Ruiz's allegations of an increased risk of identity theft "do[] not rise to the level of appreciable harm necessary to assert a negligence claim under California law."
… Continue Reading
Proskauer on Privacy will never be confused with TMZ, but we would be remiss if we failed to report on the high profile privacy scandal unfolding in the backyard of our Los Angeles office. As we previously reported, California's data breach notification law was amended effective January 1, 2008, to include breaches of medical and health insurance information. A number of recent incidents illustrate once again that it is not enough to have written policies and procedures in place for the handling of sensitive information - employee training is essential.
… Continue Reading
On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach. Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico).
… Continue Reading
Virginia, West Virginia, and South Carolina are the latest states to pass data breach notification laws, bringing to 42 the total number of states with such laws on the books (including the one state with a law that applies only to public entities, Oklahoma). Listed below are the 41 states with laws that apply to private entities (plus the District of Columbia and Puerto Rico).
… Continue Reading
Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of … Continue Reading
On April 9, 2007, the California Court of Appeal, Second Appellate District, affirmed a ruling of the Los Angeles Superior Court permitting the disclosure to counsel for a putative class of the names, addresses, and telephone numbers of the defendant's current and former employees unless, following proper opt-out notice, they objected in writing to the disclosure.
… Continue Reading
Under legislation recently proposed in California, retailers doing business in the state would be subject to enhanced data destruction requirements, and all businesses would be affected by new data breach notification requirements. In the wake of the TJX Companies data breach, which may have affected more than 46.2 million credit and debit cards, California Assemblyman … Continue Reading
