Tag Archives: California

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016.  Similar to its predecessors, the new Nevada … Continue Reading

California Amends Its Breach Notification Statute

For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional formatting and content requirements for individual notification letters. These amendments impact both companies and agencies and will go into effect on January … Continue Reading

CA AG Requires Chief Privacy Officer and Privacy Compliance Program

California’s Attorney General, Kamala Harris, has required Houzz, a home décor information and e-commerce website and mobile app publisher, to hire a chief privacy officer (CPO), conduct a company-wide privacy assessment, and maintain a privacy compliance program to settle a lawsuit that alleged Houzz failed to follow California law that requires disclosure of the recording … Continue Reading

California Attorney General Releases 2014 Data Breach Report and Recommendations, Finding More of the Same.

Editor’s Note: The author thanks Jaysen Borja for his contributions to this post. On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report.  The report detailed the nature and scope of data breach notifications that her office received in 2013.  Her office has been analyzing notifications of data breaches … Continue Reading

California Extends Deadline for Reporting Breaches to the CDPH from 5 to 15 Business Days

On September 18, 2014, California Governor, Jerry Brown, signed Assembly Bill 1755 (“AB1755”) into law, amending breach notification provisions in the California Health and Safety Code applicable to licensed clinics, health facilities, home health agencies, and hospices. Under existing law, certain health care entities licensed by the California Department of Public Health (“CDPH”), including hospitals … Continue Reading

California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?

Editor’s Note: The authors would like to thank Jaysen Borja for his contributions to this post. On September 30, 2014, California Governor, Jerry Brown, signed Assembly Bill 1710 into law, amending California’s existing personal information privacy laws.  A.B. 1710 makes several changes to existing laws including: (1) the requirement that businesses that “maintain” personal information … Continue Reading

California Continues to Regulate Privacy and Advertising to Minors in New Law Regulating School-related Online Services

On September 29, 2014, California Governor Jerry Brown signed SB 1177 into law, effective Jan 1, 2015.  See Governor Brown Issues Legislative Update.  The new privacy and advertising regulation goes beyond FERPA, the federal student privacy law, and existing state student privacy laws that govern schools and requires them to obtain privacy protections for student … Continue Reading

New CA Privacy Disclosure Requirements Clarified By AG

California has a number of privacy notice requirements for businesses collecting data from California residents, including as of January 1 of this year a requirement that websites, mobile apps and online services make certain disclosures regarding how they respond to browser and other “do not track signals” and regarding the presence and functionality of tracking … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Authored by: Julian Perlman Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading

California Data Breach Notification Laws Expand to Include Login Information

Authored by: Charles K. Shih On Friday, September 27, California governor Jerry Brown signed a bill, S.B. 46, which increases the online protection of potential identity theft for Californians by requiring companies to give notice when a California resident’s log in data is compromised. California’s attorney general sponsored the law, which was written by Senate … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Delta’s Mobile Application’s “Wings Clipped”

A powerful reminder to the business community that it must take mobile application (“App”) privacy seriously was provided by California Attorney General Kamala D. Harris in the form a complaint filed against Delta Airlines, Inc. (“Delta”) last Thursday. Attorney General Harris announced first ever legal action taken under the California Online Privacy Protection Act (“CalOPPA”), … Continue Reading

California AG Puts Companies on Notice About App Privacy Non-compliance

On October 30, California Attorney General Kamala Harris announced that her office is notifying up to 100 companies and mobile application developers that they are not in compliance with the state’s Online Privacy Protection Act (“CalOPPA”). According to Harris’ sample letter, the problem is that the offending apps downloadable through the Apple App Store and … Continue Reading

Call Centers Increasingly Targeted in Class Action Lawsuits for Statutory Penalties Under Decades-Old California Law

Authored by: Paul Karlsgodt Editor’s Note – This article is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog. Companies that provide call center services to consumers are increasingly being targeted in class action lawsuits under an arcane section of the California penal code that provides a civil right of action and statutory damages … Continue Reading

California Attorney General Settlement on App Privacy Practices

The Attorney General of California (“AG”) released a Joint Statement of Principles (“Joint Statement“) among itself and Amazon.com Inc., Apple Inc., Google Inc., Hewlett-Packard Company, Research In Motion Limited and other companies (collectively the “Mobile App Market Companies”) describing the terms of a settlement relating to the AG’s review of mobile application marketplace privacy protections. The … Continue Reading

California Strengthens Breach Notification Requirements

This week California Governor Jerry Brown signed into law a new California data breach statute that strengthens notification requirements for residents of California. California currently has some of the most prolific and detailed consumer protection oriented laws impacting privacy and breach protection in the country. The current law requires that any entity that owns or … Continue Reading

Personal Information is Not Property Under California Unfair Competition Law

On May 12, 2011, a California federal court dismissed substantive claims in a class action privacy lawsuit against Facebook.  The plaintiffs alleged eight causes of action under federal and state law, claiming that Facebook shared users’ personal information with advertisers without the users’ consent.  Although the judge found that the plaintiffs had standing to bring … Continue Reading

California Social Networking Privacy Act Stalls

California SB 242 (Social Networking Privacy Act), which we covered here, would require social networking websites to design default privacy settings that prevent information about a user from being displayed without affirmative consent from the user.  On May 27, 2011, the bill failed to receive enough votes to pass the California Senate.      The bill faced … Continue Reading

California Retailers Who Collect Zip Codes In Credit Card Transactions May Now Face Class Action Lawsuits

On February 10, 2011, the California Supreme Court issued a decision in Pineda v. Williams-Sonoma (.pdf), finding that a ZIP code constitutes “personal identification information” under California’s Song-Beverly Credit Card Act of 1971 (the “Song-Beverly Act”).  The Song-Beverly Act prohibits retailers from requesting and recording “personal identification information” as a condition of a credit card transaction.  … Continue Reading
LexBlog