Privacy Law Blog

Tag Archives: California

California Gives the Fourth Amendment a 21st Century Makeover

The average American today generates more media than they did at any other point in history, and the ease with which our communications, photos, and videos are sent and stored digitally means most of us have more media stored in the cloud or on a single digital device than previous generations would have created in … Continue Reading

California Amends Data Breach Notification Law

On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82).  Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question … Continue Reading

Protecting Privacy or Enabling Fraud? Employee Social Media Password Protection Laws May Clash with FINRA Rules

As a growing number of states pass legislation which will protect individuals’ social media accounts from employer scrutiny, they have encountered a surprising adversary – FINRA and other securities regulators. To date, at least six states have enacted social media employee privacy laws (which were blogged about here, here, here, and here) and upwards of … Continue Reading

California Attorney General Issues Recommendations for Mobile Ecosystem Stakeholders

Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers.  With … Continue Reading

GPS in the Workplace

Earlier this year in United States v. Jones, the United State Supreme Court addressed the privacy implications of Global Positioning Systems (“GPS”), holding that placing a GPS tracking device on a suspect’s car was a “search” under the Fourth Amendment. Though a growing number of employers are using GPS systems to track employee activity on the … Continue Reading

Smart Grid Technology Implicates New Privacy Concerns

The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage.  That data would then be sent to utilities through a wireless communications network.  In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be … Continue Reading

Veto, Veto, Pass! New Governor Means New Breach Notification Law in California

On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 ("SB 24"). SB 24's specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state's attorney general if more than 500 people are affected by a breach. SB 24 won't add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California. … Continue Reading

90210 Gets Personal: California Supreme Court Rules that ZIP Codes are “Personal Identification Information”

Yesterday, the California Supreme Court held that ZIP codes are "personal identification information" within the meaning of the state's Song Beverly Credit Card Act. The court's decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make brick-and-mortar purchases using a credit card and essentially reverses the Court of Appeal's decision in Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008). In addition to some heated debate, the Pineda decision is likely to generate a healthy number of lawsuits against California retailers. … Continue Reading

California Supreme Court: Law Enforcement Officials May Search Cellular Phones Incident To Arrest

On Monday, the California Supreme Court ruled that the Fourth Amendment to the United States Constitution did not prohibit a deputy sheriff from conducting a warrantless, post-arrest search of the text messages of an arrestee. Specifically, the Court affirmed the decision of the Court of Appeal that the cell phone was “immediately associated with [defendant’s] person … Continue Reading

Facebook Simplified Its Privacy Policy, But Has Anyone Noticed?

Facebook's new policy includes a bullet point summary of key points at the beginning of the policy followed by section headings that allow users to jump to particular areas of the policy. Complex legal terms have been replaced throughout the policy by more basic language, with hyperlinks to pages containing more detail on key terms or issues. … Continue Reading

Cal. Supreme Court Has a Look at Cameras in the Workplace

In Hernandez v. Hillsides, Inc., S147552 (Aug. 3, 2009), the California Supreme Court unanimously held that the mere placement of a hidden video camera in an employee's office could constitute an invasion of privacy, even if the camera was never actually used to record the employee. Under the specific facts of the case, however, the Court ultimately found no liability because the intrusion was relatively minor, limited and justified, but California employers should be aware that the use of hidden surveillance cameras without notice or warning in "semi-private" office space is likely to produce an actionable claim for invasion of privacy in many cases. … Continue Reading

Prying Eyes Make Headlines

Proskauer on Privacy will never be confused with TMZ, but we would be remiss if we failed to report on the high profile privacy scandal unfolding in the backyard of our Los Angeles office. As we previously reported, California's data breach notification law was amended effective January 1, 2008, to include breaches of medical and health insurance information. A number of recent incidents illustrate once again that it is not enough to have written policies and procedures in place for the handling of sensitive information - employee training is essential. … Continue Reading

Iowa Enacts 43rd State Breach Notification Law

On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach. Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico). … Continue Reading

More Breach Notification Laws — 42 States and Counting

Virginia, West Virginia, and South Carolina are the latest states to pass data breach notification laws, bringing to 42 the total number of states with such laws on the books (including the one state with a law that applies only to public entities, Oklahoma). Listed below are the 41 states with laws that apply to private entities (plus the District of Columbia and Puerto Rico). … Continue Reading

In Response To TJX Data Breach, One State Enacts Legislation Imposing New Security and Liability Obligations; Similar Bills Pending in Five Other States

Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of … Continue Reading

California Court of Appeal Reaffirms Adequacy of Opt-Out Notice to Protect Privacy of Individual Identity and Contact Information in Litigation

On April 9, 2007, the California Court of Appeal, Second Appellate District, affirmed a ruling of the Los Angeles Superior Court permitting the disclosure to counsel for a putative class of the names, addresses, and telephone numbers of the defendant's current and former employees unless, following proper opt-out notice, they objected in writing to the disclosure. … Continue Reading

Proposed California Legislation Would Require Retailers to Dispose of Personal Information Within 90 Days

Under legislation recently proposed in California, retailers doing business in the state would be subject to enhanced data destruction requirements, and all businesses would be affected by new data breach notification requirements.  In the wake of the TJX Companies data breach, which may have affected more than 46.2 million credit and debit cards, California Assemblyman … Continue Reading
LexBlog