Privacy

Judge David O. Carter, in the Central District of California, made the following findings on a motion to dismiss: the CCPA is not retroactive despite allegations of an ongoing pattern and practice; the CCPA does not include a private right of action for "§§ 1798.100(b), 110(c), and 115(d)"; the "disclosure of consumers’ non-anonymized data was not a result of a… Read More

In Fraser v. Mint Mobile, LLC, No. C 22-00138 WHA, 2022 U.S. Dist. LEXIS 76772, at *2 (N.D. Cal. Apr. 27, 2022), Judge Alsup denied summary judgment to a defendant claiming that its data breach did not proximately cause the Plaintiff's cryptocurrency loss.  The facts were as follows: Defendant Mint Mobile, LLC is a mobile virtual network operator that currently… Read More

On a motion to dismiss, Judge Denise Cote of the Southern District of New York, dismissed Plaintiffs' CCPA cause of action.  In re Waste Mgmt. Data Breach Litig., No. 21cv6147 (DLC), 2022 U.S. Dist. LEXIS 32798, at *18-19 (S.D.N.Y. Feb. 24, 2022). [T]he [complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege… Read More

On March 10, 2022, the California Attorney General issued an Opinion letter in response to an inquiry from Assemblymember Kevin Kiley: QUESTION PRESENTED AND CONCLUSION Under the California Consumer Privacy Act, does a consumer’s right to know the specific pieces of personal information that a business has collected about that consumer apply to internally generated inferences the business holds about… Read More

Addressing what constitutes a cure under the current version of the CCPA, Judge Cote in the Southern District of New York, held that: the [Complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege that Waste Management breached its "duty to implement and maintain reasonable security procedures and practices appropriate to the nature… Read More

In Danfer-Klaben v. JPMorgan Chase Bank, N.A., No. SACV 21-262 PSG (JDEx), 2022 U.S. Dist. LEXIS 25553, at *16-17 (C.D. Cal. Jan. 24, 2022), Judge Gutierrez in the Central District of California held that: The CCPA provides relief to "any consumer whose nonencrypted and nonredacted personal information . . . is subject to an unauthorized access . . . or… Read More

On March 9, the SEC proposed Cybersecurity rules for public companies that if adopted,  would impose substantial new reporting obligations for material cybersecurity incidents and cybersecurity risk management, strategy, and governance.   A copy of the proposed Rules can be found at https://www.sec.gov/rules/proposed/2022/33-11038.pdf Read More

On October 27, 2021, the Federal Trade Commission ("FTC") announced important updates to the Gramm-Leach-Bliley Act's (the "Act") primary consumer protection rules. Enacted in 1999, the Act implemented regulations on financial institutions with regard to consumer privacy and data security concerns. It includes two primary parts, or "rules": the Privacy Rule and the Safeguards Rule. The Privacy Rule limits disclosure… Read More

On October 6, 2021, Governor Newsom signed several new bills into law: AB 1391 Adds section 1724 to the Civil Code and makes it unlawful for anyone to sell or sell access to data that was unlawfully obtained.  Similarly, it is unlawful for anyone to buy or use data that they know, or should know, was unlawfully obtained. AB 694 … Read More

In Maag v. United States Bank Nat'l Ass'n, No. 21cv31-H-LL, 2021 U.S. Dist. LEXIS 196307 (S.D. Cal. Oct. 12, 2021), Magistrate Lopez ordered production, subject to protective measures, of class discovery in a data breach case.  The Court addressed the standards for pre-certification class discovery. "The propriety of a class action cannot be determined in some cases without discovery, as… Read More