California Attorney General Xavier Becerra said last week that “knowledge is power, and in today’s world knowledge is derived from data. When it comes to your own data, you should be in control…” These words came in an Advisory highlighting California consumers’ rights under the California Consumer Privacy Act (CCPA). The Advisory outlined several areas … Continue Reading
After much anticipation and trepidation, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Many companies are understandably still grappling with the details of the law, the amendments, and the proposed regulations and how to comply with them. If you have not determined whether the CCPA applies to your company, and … Continue Reading
In delving deeply into the California Consumer Privacy Act (CCPA), the Amendments recently signed by the California Governor, and the proposed Regulations issued by the California Attorney General, we thought it would be helpful to point out some details that are important to consider for compliance which are not obvious in the CCPA discussions we … Continue Reading
The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I stopped that practice because many were never enacted. Now, however, state laws are being … Continue Reading
Last week was a busy week for the California Consumer Privacy Act (CCPA), as Attorney General Xavier Becerra released draft regulations on October 10 and Governor Newsom signed several pending CCPA amendments into law on October 11. The CCPA amendments clarified several important issues, including: employee information and business-to-business (B2B) communications are exempt from the … Continue Reading
While we’ve discussed the California Consumer Privacy Act (CCPA) at length, Nevada was busy amending its internet privacy law and in the process beat California’s deadline for the effective date by three months. Nevada’s SB 220 is effective as of October 1, 2019. This law prevents covered operators from selling individual’s personal information and allows … Continue Reading
The ADA was enacted in 1990 to prohibit discrimination against persons with disabilities. It did not include express rules about access to websites and mobile apps. But that hasn’t stopped a flood of lawsuits against companies based on claims their websites or mobile apps might not be accessible to people with disabilities, such as visual, … Continue Reading
Bloomberg Law reported this week that California Attorney General Xavier Becerra expects to issue draft regulations for the California Consumer Privacy Act (CCPA) in October. Bloomberg reported that AG Becerra told reporters the regulations would be published next month. Businesses and consumers will then be able to submit public comments to the regulations. Bloomberg also reported … Continue Reading
The California legislature passed six amendments to the California Consumer Privacy Act (CCPA) that are on their way to Governor Gavin Newsom’s desk. The Governor has until October 13, 2019, to act on the amendments. With the end of the legislative session on September 13, this means that should the Governor sign all the amendments, … Continue Reading
On September 10, 2019, California federal judge, U.S. District Judge Yvonne Gonzalez Rogers, entered a $267 million judgment against a debt collection agency, Rash Curtis & Associates (Rash Curtis), for its violation of the Telephone Consumer Protection Act (TCPA) for over 534,000 unsolicited robocalls. This judgment comes after a May jury trial in which the … Continue Reading
After all of the GDPR compliance assessments, implementation and hullaballoo in the last year or so, many companies chose to certify that they are compliant with the EU-U.S. Privacy Shield framework rather than implementing a full-blown GDPR compliance program. To attain Privacy Shield certification, companies must submit an application and certify that when consumer data … Continue Reading
In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading
We have been watching all of the activity around the proposed amendments to the California Consumer Privacy Act (CCPA) to see where the law settles to assist with compliance. Not surprisingly, but nonetheless important to know, is the fact that the California Assembly on May 29, 2019, unanimously passed an amendment to CCPA that excludes … Continue Reading
One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage … Continue Reading
Like many of you, I don’t answer my cell phone unless the number pops up as someone I know, because a majority of the calls I get are spam or robocalls. It’s so frustrating. Although these calls are probably a violation of the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission (FTC) – the … Continue Reading
A few weeks ago, I pondered whether the California Consumer Privacy Act of 2018 (CCPA) is still a bit of a work in progress with the introduction of a proposed amendment. Recently, another amendment was proposed by Assembly Member Edwin Chau in the form of Assembly Bill 25. Assembly Bill 25 would exclude employees and … Continue Reading
The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading
We write about data breaches and privacy issues all the time. We are desensitized in some ways to the fact that our privacy may have been, or will be, compromised and, quite frankly, many people now distrust some of the very companies with which they shared their information. California led the way regarding privacy legislation … Continue Reading
On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA). We have previously outlined the requirements of … Continue Reading
This was a busy week for activity and discussions on the federal level regarding existing privacy laws – namely the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). But the real question is, could a federal privacy law actually happen in 2019? Cybersecurity issues and the possibility of a … Continue Reading
Lead plaintiff, John Herrick, in the Telephone Consumer Protection Act (TCPA) class action lawsuit against GoDaddy.com LLC (GoDaddy.com) opposed an Arizona federal judge’s May 2018 decision to grant summary judgment in favor of GoDaddy.com. The court granted summary judgment on the grounds that the platform used to send the text messages did not qualify as … Continue Reading
This week we continue our series of articles on the California Consumer Privacy Act of 2018 (CCPA). One of the biggest challenges for all of us who are analyzing this law is that even before its 2020 effective date, it’s still a work in progress. This week, legislation was introduced by California State Senator Hannah-Beth … Continue Reading
Many companies’ sales and marketing department have no idea that there is a law that generally prohibits the use of robocalling or SMS texting for sales and marketing purposes without the express written consent of the recipient. Many of us get spam calls on our cell phones and residential phone lines (if they still exist) … Continue Reading
Last week, Florida skin care spa, Medspa Del Mar LLC (Medspa) was hit with a Telephone Consumer Protection Act (TCPA) class action in federal court for allegedly using an automatic dialing system to send unwanted text messages advertising its treatments. Lead plaintiff claims that Medspa invaded her and other class members’ privacy by sending a … Continue Reading
