In Chien v. Bumble Inc., 641 F. Supp. 3d 913, 927–30 (S.D. Cal. 2022), District Court Judge Gonzalo P. Curiel addressed the sufficiency of California contacts for specific personal jurisdiction in a data privacy case that includes a claim for violation of the CCPA. In the context of a nationally accessible website, “something more” than operating a passive website is… Read More
In Bohnak v. Marsh & McLennan Companies, Inc., No. 22-319, 2023 WL 5437558, at *1 (2d Cir. Aug. 24, 2023), the Court of Appeals for the Second Circuit addressed Article III standing requirements and a framework in data breach cases where an individual whose personally identifying information (“PII”) is exposed to unauthorized actors, but has not (yet) been used for… Read More
In In re Marriott Int'l, Inc., No. 22-1744, 2023 WL 5313006, at *6 (4th Cir. Aug. 18, 2023), the Court of Appeals for the 4th Circuit rejected class certification in a data breach case. First, the Court of Appeals found that addressing the Defendant's contractual class-action waiver defense needed to be done prior to class certification and not after. The… Read More
Judge Larry Alan Burns of the Northern District of California addressed four different arguments on a Motion to Dismiss a CCPA cause of action. Holding No. 1: allegations that a business failed to utilize alleged industry technology was sufficient to plead a failure to implement and maintain reasonable security measures. [Defendant] argues that the CCPA doesn't impose a duty to… Read More
In People v. Ct. Ventures, Inc., No. G061093, 2023 WL 4673750, at *3–4 (Cal. Ct. App. July 21, 2023), the Court of Appeal in an unpublished decision limited the scope of the CRA to current owners/licensees of PII. Civil Code section 1798.82 provides in relevant part: “(a) A person or business that conducts business in California, and that owns or… Read More
The CFPB issued its Summer 2023 Supervisory Highlights, including a section on security protocols. "The CFPB’s Supervision program evaluates information technology controls at supervised institutions that may impact compliance with Federal consumer financial law or implicate risk to consumers. The CFPB assesses the effectiveness of information technology controls in detecting and preventing data breaches and cyberattacks. For example, inadequate security… Read More
United States District Court Judge Cynthia Bashant, of the Central District of California, ruled on several privacy claims on a motion to dismiss. Addressing injury in fact: "Plaintiff alleges Defendant collected his personal information in violation of the California Constitution and various California statutes. (Am. Compl. ¶ 1.) Among the collected data are his “geolocation, ... communications related to his… Read More
A District Court in Washington dismissed Plaintiffs' claim for statutory damages because they failed to give pre-suit notice under the CCPA. The Court dismissed the request for statutory damages without prejudice meaning Plaintiffs can give notice (despite the pending action) and then seek to amend and add back in a request for statutory damages. Plaintiffs ... insist that they seek… Read More
On June 30, 2023, the Sacramento County Superior Court granted Cal Chamber's petition for writ of mandate. The Court stayed the California Privacy Protection Agency's ability to enforce CPRA regulations for twelve months from implementation. The regulations that became final on March 29, 2023 may not be enforced by the Agency until March 29, 2024. Read More
In Aguirre v. Capital One Bank USA N.A., No. 8:23-cv-00128-FWS-JDE, 2023 U.S. Dist. LEXIS 105188, at *7 (C.D. Cal. June 15, 2023), Judge Slaughter kept the case in federal court under CAFA removal based on the defendant's guess-timate of damages. Defendant argues it has put forth reasonable assumptions demonstrating each Plaintiff's recovery exceeds $75,000, based on an estimate of $8,494… Read More
In Oceanside Health Prods. LLC v. Instock Goodies Inc., No. SACV 23-00266-CJC (DFMx), 2023 U.S. Dist. LEXIS 76671, at *10-11 (C.D. Cal. May 2, 2023), Judge Carney found in a non-CCPA tort case that the mere inclusion of CCPA privacy notices on a website was insufficient to demonstrate that a corporation intended to subject itself to tort claims in California.… Read More
The Court 0f Appeals for the 11th Circuit's limited the FTC's enforcement powers in LabMD, Inc. v. Federal Trade Commission, 894 F.3d 1221, 1237 (11th Cir. 2018). In follow-on litigation by LabMD against the FTC, Judge Brown dismissed on statute of limitations grounds a case against the FTC arising out the FTC's civil enforcement proceeding against LabMD. In Labmd, Inc.… Read More
On February 3, 2023, Judge Sykes of the Central District of California denied Goodyear's motion to transfer venue and its motion to dismiss Plaintiff's CIPA claim. Byars v. Goodyear Tire & Rubber Co., No. 522CV01358SSSKKX, 2023 WL 1788553 (C.D. Cal. Feb. 3, 2023). On the motion to transfer venue, the Court held: Where the internet contract falls into the browsewrap… Read More
In Mollaei v. Otonomo, Inc., Judge Thompson found that a vehicle's TCU did not constitute an "Electronic Tracking Device" because it was not "attached' to the vehicle and tracked the location only of the vehicle, and not the 'person', within the meaning of Penal Code 637.7. Penal Code 637.7 provides that (a) No person or entity in this state shall… Read More
OneTrust Data Guidance, a global leader in privacy and data protection, published an article today authored by Severson shareholders Genevieve Walser-Jolly and Scott Hyman on the proportionality doctrine under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). Specifically, the CPRA amended the CCPA to provide additional consumer regarding their data, but a company should not… Read More
The FTC has announced additional time for financial institutions to comply with new Safeguards Rule changes. In response to personnel shortages and supply chain issues, the new deadline is June 9, 2023: What provisions are included in the six-month extension? Consult the Federal Register Notice for details, but the extension applies to provisions in the revised Rule that require covered companies to:… Read More
In Dhital v. Nissan N. Am., Inc., No. A162817, 2022 Cal. App. LEXIS 887, at *11-22 (Ct. App. Oct. 26, 2022), the California Court of Appeal found that the economic loss rule did not bar a fraudulent inducement claim so long as the claim was completely separate and apart from the Song-Beverly warranty claim. As noted, the trial court sustained… Read More
Today, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022. The White House's press release… Read More
Today, the FFIEC issued an update to its October 2018 Cybersecurity Resource Guide. https://www.ffiec.gov/press/pdf/FFIECCybersecurityResourceGuide2022ApprovedRev.pdf The updated resource guide now includes ransomware-specific resources to address the ongoing threat of ransomware incidents. Read More
Ruling on a motion to dismiss a claim for violation of the California Consumer Privacy Act, the Hon. Mary M. Rowland of the United States District Court in the North District of Illinois, held: Defendants argue that [Plaintiff] fails to allege a specific action Defendants took or failed to take that breached a duty under the CCPA to maintain "reasonable"… Read More
