Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook...more
California lawmakers wrapped up this year’s legislative session, passing roughly 900 bills this year. Among those were only a few privacy initiatives, which we outline below. ...more
In a highly anticipated decision, the Illinois Appellate Court finally clarified the correct application of the statute of limitations under the state’s Biometric Information Privacy Act (BIPA). In Tims v. Black Horse...more
In a first-of-its kind enforcement action, the SEC fined an alternative data provider for the mobile app industry and its former CEO for misrepresentations and misuse of confidential data. Together, they will pay over $10...more
California's Attorney General recently issued guidance for healthcare providers and facilities. The guidance serves as a reminder to comply with data privacy laws and with California Civil Code section 1798.82, which requires...more
A federal court in Illinois agreed with Google that a biometric privacy lawsuit filed against it in the Northern District of Illinois should be stayed in favor of a similar pending state court case. Although it is not...more
In a first-of-its-kind ruling interpreting the CCPA, a federal judge concluded that a business was subject to the CCPA because the complaint allegations satisfied the "for profit" requirement of this California privacy law....more
Another district court just ordered the defendant in a data breach class action to turn over the forensic report it believed was entirely protected from disclosure by the attorney-client privilege and work product doctrine....more
8/2/2021
/ Attorney-Client Privilege ,
Capital One ,
Class Action ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Disclosure ,
Forensic Examination ,
Motion to Compel ,
Work-Product Doctrine
To note the one year anniversary of the California Consumer Privacy Act (CCPA) enforcement date, California Attorney General Rob Banta held a press conference on July 19, 2021 to share key information about enforcement...more
On Friday, a sharply divided U.S. Supreme Court issued a ruling, which significantly impacts the plaintiffs’ ability to pursue privacy and data breach class actions in federal courts. In TransUnion LLC v. Ramirez, Case No....more
6/29/2021
/ Article III ,
Class Action ,
Class Members ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to...more
Earlier this week, the California Department of Justice unexpectedly released a third set of proposed modifications to the CCPA regulations. This move took place only two months after the California Attorney General’s Office...more
10/14/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Information Governance ,
Office of Administrative Law ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
State Attorneys General
2020 “back to school” has a whole new meaning in the age of COVID-19. Now, it is finally time for companies to take compliance with the California Consumer Privacy Act (“CCPA”) off the back burner and implement policies and...more
Last week, the plaintiffs in three related children’s privacy class actions sought preliminary approval of proposed settlements with sixteen defendants in those coordinated actions. The matters—known as the Kiloo Action, the...more
9/2/2020
/ Class Certification ,
Class Members ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Declaratory Relief ,
Disney ,
Federal Rules of Civil Procedure ,
Injunctive Relief ,
Mobile Apps ,
Online Safety for Children ,
Personal Data ,
Right to Privacy ,
Settlement ,
Settlement Negotiations ,
Website Owner Liability
Online stationery and craft company Minted Inc. has been hit with a CCPA class action lawsuit, stemming from a massive data breach the company disclosed in late May. The proposed class action lawsuit, filed in a California...more
6/17/2020
/ Breach of Implied Contract ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Putative Class Actions ,
State Attorneys General ,
Unfair Competition Law (UCL)
Companies planning to conduct pandemic-related temperature checks for California employees and visitors to their premises should consider their compliance obligations under the California Consumer Privacy Act (“the CCPA”). If...more
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted...more
The organization known as Californians for Consumer Privacy announced yesterday that it successfully secured enough signatures to qualify adding the California Privacy Rights Act (“CPRA”) to the state’s November 2020 ballot....more
Although it may not seem like it, there are privacy-related issues to discuss beyond COVID-19. Before the state of emergency, we saw the first complaint under the California Consumer Privacy Act (CCPA) filed in a California...more
While many companies around the world are coping with a global pandemic, some are facing additional challenges in light of a looming deadline triggered by the California Consumer Privacy Act (“CCPA”). Citing #covid19...more
The New York Department of Financial Services (NYDFS) issued guidance to financial institutions engaged in virtual currency business activities, mandating that an emergency preparedness plan from each firm be submitted to...more
In this post, we offer insights on the revisions recently made by the California Attorney General’s office to Article 4 of its draft regulations pertaining to verification requirements. Article 4 specifies how businesses...more
The companies Salesforce.com, Inc. and Hanna Andersson, LLC are on the receiving end of a novel lawsuit, which appears to be the very first data breach class action ever filed with alleged violations of the California...more
2/6/2020
/ Business & Professions Code ,
California Consumer Privacy Act (CCPA) ,
Cause of Action Accrual ,
Corporate Counsel ,
Data Breach ,
Hackers ,
Injury-in-Fact ,
Negligence ,
Personal Information ,
Privacy Concerns ,
Private Right of Action ,
Spokeo v Robins ,
Statutory Damages ,
Unfair Competition Law (UCL) ,
Web Scraping
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests. Specifically, Section 999.323 requires a business (i) to verify consumers’...more
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA). In addition to the regulations, the CA AG also released a Notice of...more