Tag Archives: California

California Adopts Expansive Consumer Privacy Law

On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”), which is aimed at strengthening consumer privacy rights and data security protections.  The CCPA takes effect on January 1, 2020 and is considered the most stringent privacy law in the country. The CCPA applies to for-profit entities that conduct business in … Continue Reading

Updates to California Auto-Renewal Law Take Effect on July 1, 2018

Companies that offer or are considering subscription-based plans should take note that new requirements for automatic renewal offers (“auto-renewals”) take effect in California on July 1, 2018.  California Senate Bill No. 313 (“SB 313”) amends existing law to extend additional protections to consumers where an auto-renewal offer includes a free gift or trial or where … Continue Reading

California Bill Would Mandate Expedient Software Updates for Credit Bureaus

Following the Equifax data breach in 2017, there has been heightened awareness surrounding how credit reporting agencies handle consumers’ personal information. At the same time, recent high-profile attacks, such as the “WannaCry” ransomware attacks, have focused media and regulatory attention on vulnerabilities associated with unpatched systems. In response to these two concerns, on January 10, … Continue Reading

California Judge Upholds CPUC Order to Share Confidential Subscriber Data, But Subject to Adequate Protective Order

On November 3, Judge Vince Chhabria of the U.S. District Court of the Northern District of California held that federal law does not bar the California Public Utilities Commission (CPUC) from requiring telecommunications companies to hand over, under an adequate protective order, confidential subscriber data to The Utility Reform Network (TURN) as part of an … Continue Reading

California Attorney General Issues Recommendations for Privacy in Ed Tech

On November 2, 2016, California Attorney General Kamala Harris released a report outlining best practices for the education technology industry (“Ed Tech”).  In Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, Attorney General Harris noted the need to implement robust safeguards for collection, use, and sharing of … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

California AG Issues Guidance for Consumers on Managing Mobile Location Privacy

By Hannah Lepow Yesterday California Attorney General Kamala D. Harris released guidance on how smartphone and tablet users can manage GPS and other location tracking functions on their mobile devices. The brief information sheet, designed for consumers, details how Android and iOS users can control different types of location information on their devices, including location … Continue Reading

California Requires a Warrant To Search Electronic Communications

On Thursday, October 8, California Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (“CalECPA”), which requires law enforcement officials in California to obtain a warrant to access digital records, including emails and text messages. The new law was supported by privacy rights advocates and technology companies, many of which are pushing … Continue Reading

Three-Bill Package Makes Revisions to California’s Data-Breach Notification Statute

By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law a trio of bills that is intended to clarify key elements of the state’s data-breach notification statute and provide guidance to persons, businesses, and state and local agencies that deal with electronically stored personal information.  The bills, which were passed together … Continue Reading

New California Law Regulates Voice Recognition Technology in Smart TVs

By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law Assembly Bill 1116 (A.B. 1116), which regulates the manner in which smart TVs must notify users of voice-recognition technology and may use recorded voice commands.  The bill, which was passed unanimously by both houses of the California legislature earlier this year, … Continue Reading

Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs, … Continue Reading

Ninth Circuit Asks California Supreme Court to Define the Scope of Song-Beverly Act

The U.S. Court of Appeals for the Ninth Circuit on Tuesday asked the California Supreme Court to resolve a longstanding dispute over the interpretation of a retail privacy statute.  If the state court rules on the issue, its decision could affect the ability of California retailers to collect information from consumers who make in-store payments using … Continue Reading

Danielle Citron Discusses Legal Remedies for Online Harassment

At a talk today with members of Covington’s Privacy and Data Security Group, Danielle Citron highlighted the need for more remedies for victims of online harassment, including women harassed by so-called revenge pornography. Citron, a professor at the University of Maryland School of Law, focuses on information privacy law and is the author of Hate … Continue Reading

House Debates Federal Data Breach Legislation

This morning, the House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess (R-TX), held a hearing to determine what elements should be included in federal data breach legislation.  Despite the momentum for legislation created by high-profile breaches at retailers like Target and Home Depot, and most recently at Sony, ongoing efforts in … Continue Reading

New California Health Privacy Law Goes into Effect

Many individuals are covered by health insurance but are not the policy holders for that coverage (e.g., the policy holder is a spouse or parent of the covered individual).  Routine communications sent by insurers, such as explanation of benefit letters or denial of claims notices, are often sent to the policy holder and may contain … Continue Reading

New State Privacy Laws Go Into Effect on Jan. 1, 2015

State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.… Continue Reading

California Attorney General’s Second Annual Data Breach Report Finds Dramatic Increase in Number of Data Breaches

By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report.   The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013.  The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics … Continue Reading

Microsoft and Other Leading K-12 School-Service Providers Pledge To Protect Student-Data Privacy

Yesterday, several big tech companies that offer educational and school services signed the “Student Privacy Pledge,” introduced by the Future of Privacy Forum (“FPF”) and The Software & Information Industry Association (“SIIA”) to safeguard student privacy as it relates to the collection, maintenance, and use of students’ personal information.  Among the fourteen education tech companies … Continue Reading

California Amends Data Breach Legislation

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement … Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things, … Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they … Continue Reading

Appeals Court Affirms Dismissal of “Shine the Light” Suits

Last week, the U.S. Court of Appeals for the Ninth Circuit affirmed lower-court dismissals of two lawsuits under California’s “Shine the Light” law.  Shine the Light (or “STL”) requires businesses that disclose customers’ personal information to third parties for those parties’ direct marketing purposes to respond to customer requests for information about such disclosures.  The … Continue Reading

California AG Sues Company for Slow Breach Response, “Public” Display of Social Security Numbers

California Attorney General Kamala Harris has sued the Kaiser Foundation Health Plan for failing to promptly notify employees about a 2011 data breach.  California’s breach notice law requires breaches of personal information to be disclosed “in the most expedient time possible and without unreasonable delay.” Harris alleges that Kaiser violated this requirement after taking too … Continue Reading
LexBlog