The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. This seems like a simple concept: an entity should only collect personal information that is
CCPA
CAAG Announces Investigative Sweep of Loyalty Programs’ Compliance with CCPA
California Attorney General Rob Bonta is serious about compliance with the California Consumer Privacy Act (CCPA). So serious, that on January 28, 2022, also known as Data Privacy Day, he announced that his office was commencing an investigative “sweep” of “businesses operating loyalty programs in California” and sent notices of noncompliance to businesses requiring them…
Recent CCPA Enforcement Actions Highlight the Importance of a CCPA-Compliant Privacy Policy
This is the time of year for thought pieces reflecting on the past year or so to speculate on the hot topics for next year. I began to wonder about California Consumer Privacy Act (CCPA) enforcement actions over the past year as this was something that we speculated about not that long ago. The California…
$2.35 Million Settlement in Dickey’s Barbecue Data Breach Class Action
This week, a proposed data breach class action against Dickey’s Barbecue Restaurants Inc. was settled for $2.35 million in the U.S. District Court for the Northern District of Texas with approval of the settlement terms by Judge Ed Kinkeade. Dickey’s is a Dallas-based restaurant chain that allegedly failed to implement appropriate security measures to protect…
Blackbaud Must Face CCPA Claims in Multi-district Class Action from Data Breach
Blackbaud, which suffered a data breach of its customers’ data in a ransomware attack in 2020, in which it admitted paying the ransom in a double extortion attack [view related posts], is facing multiple class action cases following the attack. The cases have been consolidated in multi-district litigation and now comprise 29 cases.
The…
Volkswagen and Audi Hit with Data Breach Class Action
This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective…
Keep Biometric Information Laws on the Radar for Compliance
Ever since the enactment of the Illinois Biometric Information Privacy Act (BIPA), we have been watching the development of laws around the collection, use, disclosure and retention of biometric information. In general, BIPA and other biometric information privacy laws enacted since BIPA, require any company that is collecting biometric information, such as fingerprints, voice recognition,…
Dark Patterns and the CCPA: How Your Website Can Comply
The California Attorney General recently approved modified regulations under the California Consumer Privacy Act (CCPA). One part of the modified regulations bans “dark patterns” on a website. What are dark patterns? Public comments to the proposed regulations describe dark patterns as deliberate attempts to subvert or impair a consumer’s choice to opt-out on a website.…
Walmart Litigation Provides Guidance on Data Breach Class Action Suits Under the CCPA
Gardiner v. Walmart provided some guidance as to the specificity required to state a claim under the California Consumer Privacy Act (CCPA) and the types of damages that may be recoverable for breaches of California consumer data. On July 10, 2020, Lavarious Gardiner filed a proposed class action against Walmart, alleging that unauthorized individuals accessed…
Additional CCPA Regulations Approved
California Attorney General Xavier Becerra announced this week that the Office of Administrative Law approved additional California Consumer Privacy Act (CCPA) regulations, which became effective March 15, 2021.
The additional changes to the regulations primarily affect businesses that sell the personal information of California residents. The changes include a uniform Opt-Out Icon for the…