Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1. Requires Companies that Maintain Personal Information to Implement … Continue Reading
Last week, California enacted bills SB 1177 and AB 1584, strengthening student privacy protections in the State. SB 1177 prohibits operators of online sites or mobile apps who know that their services are used primarily for K-12 school purposes and whose services designed and marketed as such (“operators”) from using K-12 student data in four … Continue Reading
On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things, … Continue Reading
Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws. This post summarizes the key aspects of the new law, which becomes effective July … Continue Reading
Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS). Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of a telephone solicitor,” thereby prohibiting … Continue Reading
On Monday, the International Association of Privacy Professionals (IAPP) hosted a discussion that featured state and federal privacy regulators. The panel included Maneesha Mithal, Associate Director for the Division of Privacy and Identity Theft at the Federal Trade Commission; Marty Jackley, Attorney General of South Dakota; and Bill Sorrell, Attorney General of Vermont. The panel … Continue Reading
The California legislature has enacted a flurry of privacy-related laws over the past few months. Still more bills are pending. This post provides a brief overview of new privacy laws enacted in California in 2013, including measures that will become effective on January 1, 2014. For a more detailed look at some of these key … Continue Reading
Earlier this month, we blogged about the California Senate’s passage of the bill titled “Privacy Rights for California Minors in the Digital World”, which prohibits certain targeted advertising to California minors and requires that minors be allowed to delete materials they have posted online. Yesterday, California Governor Jerry Brown signed the legislation, and it will … Continue Reading
Continuing a flurry of recent legislative activity (see posts here and here), the California legislature on Tuesday passed a bill requiring that California law enforcement agencies obtain a search warrant to compel the production of communications content (e.g., emails and social media messages) from providers of electronic communication services. A service provider may provide stored content … Continue Reading
Last Friday the California Senate unanimously passed legislation titled, “Privacy Rights for California Minors in the Digital World,” which prohibits certain types of marketing to minors (defined as a natural person under the age of 18 residing in California) and allows minors to delete materials they have posted online. The bill, which already cleared the … Continue Reading
Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking. The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored … Continue Reading
On Monday, California Attorney General Kamala Harris for the first time released a data breach report; the report details 131 data breaches reported to the CA AG’s office, which collectively exposed the personal information of 2.5 million Californians. 56% of the breaches involved Social Security numbers, a category of information disclosure which creates a heightened … Continue Reading
California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.
Harris alleged that Delta Airlines violated the California Online Privacy Protection Act ("CalOPPA") by failing to include a privacy policy on its mobile app- The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004.
On Thursday, the district court granted Delta's motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state's claims. The ADA provides that "a State....may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier." Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is "related to price, route or service of an air carrier" and thus agreed with Delta's argument that the California AG's claim is pre-empted.… Continue Reading
After gaining prominence in 2012, state legislation restricting access to personal social media accounts by employers and schools has remained active. Three more states have enacted their own restrictions thus far in 2013, and bills are pending in more than two dozen other states, according to the National Conference of State Legislatures. In 2012, Illinois … Continue Reading
A bill titled the “Right to Know Act of 2013” (AB 1291), which was first introduced by Assembly Member Bonnie Lowenthal this past February, continues to gather momentum in the California legislature. The Right to Know Act would repeal and re-write Cal. Civ. Code § 1798.83 (often referred to as the California Shine the Light law) … Continue Reading
On Monday, the California Supreme Court, by a slim 4-3 majority, held that California’s Song-Beverly Credit Card Act of 1971 (“Song-Beverly”) does not apply to online purchases in which a product is downloaded electronically, finding that Apple was not liable under the statute for collecting plaintiff Krescent’s telephone number and address in order to complete … Continue Reading
New Jersey earlier this month became the latest state to bar college and university officials from demanding access to students’ or applicants’ personal online accounts. Gov. Chris Christie signed the law, which takes effect immediately, on Dec. 3. Under the new law, which applies to public and private higher-education institutions, schools cannot require a student or … Continue Reading
California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps. Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies … Continue Reading
California is the latest state to enact legislation restricting the circumstances under which employers or schools can demand access to employees’ or students’ personal social media accounts. California Gov. Jerry Brown signed two bills into law on Sept. 27. The first, A.B. 1844, bars employers from requiring or requesting that employees or job applicants disclose … Continue Reading
This week, the much talked-about amendments to Texas’s breach notice statute took effect. We previously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach (unless the information is encrypted). … Continue Reading
Last week, the California legislature passed one of the nation’s most restrictive bills governing law enforcement’s ability to access location information. Under the California Location Privacy Act, state and local government agencies would be required to secure search warrants before obtaining historical or current location information for any electronic device. The California bill would curtail … Continue Reading
On August 1, Illinois became the second state in the country to prohibit employers from requesting or requiring employees to provide their passwords for social networking accounts. As reported in this blog, Maryland adopted similar legislation in April. The bill (HB 3782) was signed into law by Illinois Governor Pat Quinn and will become effective on … Continue Reading
Interesting questions are arising in relation to how to implement an "opt out" for smart meters. In many states, customer unease about the privacy and safety concerns associated with smart meters has resulted in new legislation or regulations that give customers the ability to decline the installation of a smart meter. However, smart meters enable energy efficiency and cost savings, so should customers that opt out have to pay more?
This question arose last month in the Maine Supreme Court in the case of Friedman v. Maine Public Utilities Commission and Central Maine Power Company. The court heard an appeal from the… Continue Reading
Two bills have been proposed in the New York State Legislature that aim to de-anonymize online commenting. The proposed Internet Protection Act — introduced in the identical bills S.6779 and A.8688 —would amend New York civil rights law to require a website administrator upon request to “remove any comments posted on his or her web … Continue Reading
