the Federal Fair Credit Reporting Act preempted an identity exposure plaintiff’s state law claims for, among other things, negligence, breach of contract, and violation of the New York Deceptive Trade Practices Act
preemption
Third Time’s a Charm for “Data Accountability and Trust”? Federal Breach Notification Bill Introduced in the House. Again. This Time With Data Security Provisions.
On April 30, 2009, Representative Bobby Rush (D-Ill) introduced H.R. 2221, the Data Accountability and Trust Act. The bill is nearly identical to H.R. 958, introduced by Rep. Rush in the 110th Congress, and is similar to the Data Accountability and Trust Act, introduced by Rep. Stearns (R-FL) in the 109th Congress. Of course, the newest “Data Accountability and Trust Act” is only the most recent of dozens of bills proposed over the last several years that would implement uniform federal breach notification requirements and preempt the 44 state laws requiring notification. Rep. Rush’s latest bill also includes data security provisions and would preempt the growing number of state laws imposing such requirements.
…
California’s Financial Information Privacy Act Affiliate Sharing Provisions Narrowly Survive Complete Preemption
On September 4, 2008, in American Bankers Association v. Lockyer, No. 05-17163, 2008 WL 4070308 (9th Cir. Sept. 4, 2008), the Ninth Circuit Court of Appeals revived part of the California Financial Information Privacy Act (“S.B. 1”), allowing consumers to opt-out of certain information-sharing activities between financial institutions and their affiliates. Previously, in the 2005 case American Bankers Ass’n. v. Gould, 412 F.3d 1081 (9th Cir. 2005), the Ninth Circuit ruled that the state statute was preempted by provisions of the Fair Credit Reporting Act (“FCRA”) regarding affiliate sharing of “consumer report” information. The recent 2-1 decision preserves consumers’ rights under California law to restrict affiliate data-sharing related to non-consumer report information.
CAN-SPAM Preempts California Anti-Spam Laws
In a recent decision, the Northern District of California held that e-mail harvesting without permission may give rise to a cause of action under the California Penal Code and based on common law misappropriation. More striking, however, was the court’s ruling that the federal CAN-SPAM Act, 15 U.S.C. § 7701 et seq., preempts two California anti-spam statutes. Facebook, Inc. v. ConnectU LLC, — F.Supp.2d —, 2007 WL 1514783 (N.D. Cal. 2007).
…