On June 30, 2023, the Sacramento County Superior Court granted Cal Chamber's petition for writ of mandate. The Court stayed the California Privacy Protection Agency's ability to enforce CPRA regulations for twelve months from implementation. The regulations that became final on March 29, 2023 may not be enforced by the Agency until March 29, 2024. Read More
In Aguirre v. Capital One Bank USA N.A., No. 8:23-cv-00128-FWS-JDE, 2023 U.S. Dist. LEXIS 105188, at *7 (C.D. Cal. June 15, 2023), Judge Slaughter kept the case in federal court under CAFA removal based on the defendant's guess-timate of damages. Defendant argues it has put forth reasonable assumptions demonstrating each Plaintiff's recovery exceeds $75,000, based on an estimate of $8,494… Read More
In Oceanside Health Prods. LLC v. Instock Goodies Inc., No. SACV 23-00266-CJC (DFMx), 2023 U.S. Dist. LEXIS 76671, at *10-11 (C.D. Cal. May 2, 2023), Judge Carney found in a non-CCPA tort case that the mere inclusion of CCPA privacy notices on a website was insufficient to demonstrate that a corporation intended to subject itself to tort claims in California.… Read More
The Court 0f Appeals for the 11th Circuit's limited the FTC's enforcement powers in LabMD, Inc. v. Federal Trade Commission, 894 F.3d 1221, 1237 (11th Cir. 2018). In follow-on litigation by LabMD against the FTC, Judge Brown dismissed on statute of limitations grounds a case against the FTC arising out the FTC's civil enforcement proceeding against LabMD. In Labmd, Inc.… Read More
On February 3, 2023, Judge Sykes of the Central District of California denied Goodyear's motion to transfer venue and its motion to dismiss Plaintiff's CIPA claim. Byars v. Goodyear Tire & Rubber Co., No. 522CV01358SSSKKX, 2023 WL 1788553 (C.D. Cal. Feb. 3, 2023). On the motion to transfer venue, the Court held: Where the internet contract falls into the browsewrap… Read More
In Mollaei v. Otonomo, Inc., Judge Thompson found that a vehicle's TCU did not constitute an "Electronic Tracking Device" because it was not "attached' to the vehicle and tracked the location only of the vehicle, and not the 'person', within the meaning of Penal Code 637.7. Penal Code 637.7 provides that (a) No person or entity in this state shall… Read More
OneTrust Data Guidance, a global leader in privacy and data protection, published an article today authored by Severson shareholders Genevieve Walser-Jolly and Scott Hyman on the proportionality doctrine under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). Specifically, the CPRA amended the CCPA to provide additional consumer regarding their data, but a company should not… Read More
The FTC has announced additional time for financial institutions to comply with new Safeguards Rule changes. In response to personnel shortages and supply chain issues, the new deadline is June 9, 2023: What provisions are included in the six-month extension? Consult the Federal Register Notice for details, but the extension applies to provisions in the revised Rule that require covered companies to:… Read More
In Dhital v. Nissan N. Am., Inc., No. A162817, 2022 Cal. App. LEXIS 887, at *11-22 (Ct. App. Oct. 26, 2022), the California Court of Appeal found that the economic loss rule did not bar a fraudulent inducement claim so long as the claim was completely separate and apart from the Song-Beverly warranty claim. As noted, the trial court sustained… Read More
Today, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022. The White House's press release… Read More
Today, the FFIEC issued an update to its October 2018 Cybersecurity Resource Guide. https://www.ffiec.gov/press/pdf/FFIECCybersecurityResourceGuide2022ApprovedRev.pdf The updated resource guide now includes ransomware-specific resources to address the ongoing threat of ransomware incidents. Read More
Ruling on a motion to dismiss a claim for violation of the California Consumer Privacy Act, the Hon. Mary M. Rowland of the United States District Court in the North District of Illinois, held: Defendants argue that [Plaintiff] fails to allege a specific action Defendants took or failed to take that breached a duty under the CCPA to maintain "reasonable"… Read More
In Vigil v. Muir Med. Grp. Ipa, No. A160897, 2022 Cal. App. Unpub. LEXIS 5858, at *17-32 (Sep. 26, 2022), the California Court of Appeal affirmed denial of class certification in a CMIA data breach case because each classmember would have to prove that an unauthorized party viewed the confidential information. The data breach facts were as follows. Muir is… Read More
In Moore v. Centrelake Med. Grp., No. B310859, 2022 Cal. App. LEXIS 795, at *4-7 (Ct. App. Sep. 16, 2022), the Court of Appeal allowed a UCL claim to proceed in a data breach case. The data breach facts were as follows: Centrelake is a medical provider operating eight medical facilities in southern California. Prior to January 9, 2019, appellants… Read More
The Conference of State Bank Supervisors recently released new tools for nonbank financial services companies to improve their cybersecurity posture. The CSBS - Baseline Nonbank Exam Program V1.0 and the CSBS - Enhanced Nonbank Exam Program V1.0 are tools used by state examiners nationwide to assess the cyber preparedness of nonbank entities, and provides these institutions the ability to improve their… Read More
The FTC announced an advanced notice of proposed rulemaking on commercial surveillance and security. “Commercial surveillance” is defined as the business of collecting, analyzing and profiting from consumer data. The FTC seeks public comment on implementation of new rules on how businesses "(1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or… Read More
On August 11, 2022, the CFPB issued a circular on data security and the question "[c]an entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?" The short answer is "yes." The CFPB highlights specific security measures to minimize risk. In line with the new… Read More
Ruling on Defendant's Motion to Dismiss (Aviva Kirsten v. Cal. Pizza Kitchen, Inc., No. 2:21-cv-09578-DOC-KES (C.D. Cal. July 29, 2022), Judge David O. Carter of the Central District of California held: Defendant argues that Plaintiffs’ CCPA claim fails because Plaintiffs provide no facts to maintain that Defendant failed to maintain reasonable security procedure and practices. Mot. at 20. However, Defendant… Read More
In Wynne v. Audi of Am., No. 21-cv-08518-DMR, 2022 U.S. Dist. LEXIS 131625, at *2-4 (N.D. Cal. July 25, 2022), Judge Ryu found that the CCPA, by itself, does not confer Article III standing under the SCOTUS' TransUnion decision. The facts of the data breach were as follows: Wynne makes the following allegations in the amended complaint: Defendant Audi is a… Read More
In Tukin v. Halsted Financial Services, LLC, Judge Wood found no Article III standing for a Hunstein claim (of sharing a consumer's data with a vendor) where the sharing was done by way of encrypted data transfer. First, of note, Judge Wood found no "glassine window" violation for use of an "Intelligent Mail Code" on the dunning letter's envelope. Count III alleges that… Read More
