On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 (“SB 24”). SB 24’s specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state’s attorney general if more than 500 people are affected by a breach. SB 24 won’t add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California.
California
90210 Gets Personal: California Supreme Court Rules that ZIP Codes are “Personal Identification Information”
Yesterday, the California Supreme Court held that ZIP codes are “personal identification information” within the meaning of the state’s Song Beverly Credit Card Act. The court’s decision in Pineda v. Williams-Sonoma Stores, Inc., No. S178241 slip op. (Cal. Feb. 10, 2011), casts a dark cloud over the established retail practice of asking for ZIP codes when customers make brick-and-mortar purchases using a credit card and essentially reverses the Court of Appeal’s decision in Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008). In addition to some heated debate, the Pineda decision is likely to generate a healthy number of lawsuits against California retailers.
…
California Supreme Court: Law Enforcement Officials May Search Cellular Phones Incident To Arrest
On Monday, the California Supreme Court ruled that the Fourth Amendment to the United States Constitution did not prohibit a deputy sheriff from conducting a warrantless, post-arrest search of the text messages of an arrestee. Specifically, the Court affirmed the decision of the Court of Appeal that the cell phone was “immediately associated with [defendant’s] person at the time of his arrest” and was therefore “properly subjected to a delayed warrantless search.”
In People v. Diaz, filed on January 3, the Court considered whether the trial court properly denied Diaz’s motion to suppress evidence gathered during a search of his cell phone, which occurred approximately 90 minutes after he was arrested for being a coconspirator in the sale of drugs. Diaz denied knowledge of the sales. A deputy sheriff accessed Diaz’s cell phone, which had been seized from Diaz’s person, and found a coded text message that, based on the deputy’s training and experience, indicated Diaz knew of the transaction.
The California Supreme Court’s ruling hinged on its finding that the cell phone “was an item [of personal property] on [defendant’s] person at the time of his arrest and during the administrative processing at the police station.” People v. Diaz, S1666000, slip op. Majority Op. at 8 (Cal. Jan. 1, 2011). As such, the case was controlled by the United States Supreme Court’s holdings in United States v. Edwards, 415 U.S. 800, 802-803 (1974) and United States v. Robinson, 414 U.S. 218, 224 (1973), in which the High Court affirmed seizures of paint chips from clothing and a cigarette package containing heroin from a coat pocket (respectively).
Facebook Simplified Its Privacy Policy, But Has Anyone Noticed?
Facebook’s new policy includes a bullet point summary of key points at the beginning of the policy followed by section headings that allow users to jump to particular areas of the policy. Complex legal terms have been replaced throughout the policy by more basic language, with hyperlinks to pages containing more detail on key terms or issues.
…
Special Radio Report: Oncidi Talks Privacy in the Workplace
There is an inherent tension between an employee’s right to privacy and an employer’s right — and obligation — to maintain a safe, productive, and hostility free environment at the office.
…
Cal. Supreme Court Has a Look at Cameras in the Workplace
In Hernandez v. Hillsides, Inc., S147552 (Aug. 3, 2009), the California Supreme Court unanimously held that the mere placement of a hidden video camera in an employee’s office could constitute an invasion of privacy, even if the camera was never actually used to record the employee. Under the specific facts of the case, however, the Court ultimately found no liability because the intrusion was relatively minor, limited and justified, but California employers should be aware that the use of hidden surveillance cameras without notice or warning in “semi-private” office space is likely to produce an actionable claim for invasion of privacy in many cases.
…
California District Court Closes the Gap Left by Ruiz
On Monday, the Northern District of California granted Gap, Inc.’s Motion for Summary Judgment in Ruiz v. Gap, Inc., et al., Case No. 07-5739 SC, holding that Ruiz’s allegations of an increased risk of identity theft “do[] not rise to the level of appreciable harm necessary to assert a negligence claim under California law.”
…
Prying Eyes Make Headlines
Proskauer on Privacy will never be confused with TMZ, but we would be remiss if we failed to report on the high profile privacy scandal unfolding in the backyard of our Los Angeles office. As we previously reported, California’s data breach notification law was amended effective January 1, 2008, to include breaches of medical and health insurance information. A number of recent incidents illustrate once again that it is not enough to have written policies and procedures in place for the handling of sensitive information – employee training is essential.
…