Privacy

The CCPA went live on January 1, 2020, creating a cause of action and potential liability of between $100 to $750 per person for a data breach deriving from a business' failure to maintain reasonable policies and procedures.  Unfortunately, the CCPA does not define the term "reasonable".  While compliance lawyers and consultants properly have been advising their clients to shore… Read More

The FTC issued a press release summarizing, and providing links to, the various data breach settlements that it has reached with businesses in the last two years.  The FTC summarized its efforts to improve its data security orders and, in doing so, suggested the types of measures the FTC looks for in determining whether a business has implemented reasonable data… Read More

Here's our article on the CCPA's 30-day right to cure, published in the American Bar Association Consumer Financial Services Newsletter last month: https://www.americanbar.org/groups/business_law/publications/committee_newsletters/consumer/2019/201911/consumer/ Are you compliant and ready? Read More

Beginning on Monday, December 2, 2019, the California Attorney General began holding a series of four public comment hearings to receive comments on the draft regulations issued by the Attorney General in October 2019 regarding the California Consumer Privacy Act of 2018 (“CCPA”). Severson & Werson attorneys Joseph W. Guzzetta and Evelina Manukyan attended the San Francisco public comment hearing… Read More

In Adkins v. Facebook, Inc., No. C 18-05982-WHA, 2019 U.S. Dist. LEXIS 206271 (N.D. Cal. Nov. 26, 2019), Judge Alsup granted in part and denied in part a data breach class. This is a putative class action by plaintiff Stephen Adkins against defendant Facebook, Inc. Plaintiff asserts a claim for negligence based on Facebook's alleged faulty security practices in collecting… Read More

In Steven v. Carlos Lopez & Assocs., No. 18-CV-6500 (JMF), 2019 U.S. Dist. LEXIS 203621 (S.D.N.Y. Nov. 22, 2019), Judge Furman declined to  approve settlement of a data breach class due to the absence of Art. III standing. In June 2018, an employee of Defendant Carlos Lopez & Associates, LLC ("CLA"), a provider of mental and behavioral health services to… Read More

The CCPA enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the California Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes. Today, the AG issued proposed regulations designed to establish procedures to facilitate consumers’ new… Read More

On Wednesday, Californians for Consumer Privacy, the official proponent of the ballot initiative that became the California Consumer Privacy Act (“CCPA”), announced that it had filed a new voter-sponsored initiative with the California Secretary of State that will appear on the November 2020 ballot (if the requisite number of signatures can be gathered and certified).  The initiative, named the “California… Read More

The Firm’s depth and expertise in consumer privacy has been recognized through the publication of two of the definitive practice guides on privacy in California and on the California Consumer Privacy Act. Joe Guzzetta in the Firm’s San Francisco Office was retained by The Rutter Group to publish its California Practice Guide on Privacy Law, which is an in depth… Read More

In In re Facebook, Inc., No. MDL No. 2843, 2019 U.S. Dist. LEXIS 153505 (N.D. Cal. Sep. 9, 2019), Judge Chhabria allowed some claims to proceed against Facebook arising out of the Cambridge Analytica scandal. Facebook's motion to dismiss is littered with assumptions about the degree to which social media users can reasonably expect their personal information and communications to… Read More

Severson's own Joseph Guzzetta will moderate a panel of experts for The Rutter Group on the California Consumer Privacy Act.  The panel will consist of Mr. Guzzetta of the Firm's San Francisco office, Payal Mehra, the Senior Director of Privacy of RingCentral; and Rick Arney, Boardmember of Californians for Consumer Privacy and co-Author of the California Consumer Privacy Act.  A… Read More

In Anderson v. Kimpton Hotel & Rest. Grp., LLC, No. 19-cv-01860-MMC, 2019 U.S. Dist. LEXIS 133869, at *13-14 (N.D. Cal. Aug. 8, 2019), Judge Chesney dismissed a data breach claim under California's data breach statute, Civil Code 1798.81.5.  The facts were as follows: In their complaint, plaintiffs [*2]  allege "Kimpton uses an online reservation system that facilitates the booking of hotel… Read More

Thanks to David Trepp at BPM for collaborating with Severson & Werson on May 9, 2019 for a webinar on Cybersecurity Incident Avoidance and Response. https://lnkd.in/gYZYTqY Read More

In Patel v. Facebook, Inc., No. 18-15982, 2019 U.S. App. LEXIS 23673 (9th Cir. Aug. 8, 2019), the Court of Appeals for the 9th Circuit found that a class could be certified under the Illinois Biometric Privacy Act. The facts were as follows: When a new user registers for a Facebook account, the user must create a profile and agree… Read More

In Andrews v. Pa Afm Sirius Xm Radio, No. 18-55169, 2019 U.S. App. LEXIS 23670 (9th Cir. Aug. 8, 2019), the Court of Appeals for the 9th Circuit held that a used car stated no claim under the DPPA against Sirius radio.  The facts were as follows: On January 14, 2017, Andrews purchased a pre-owned 2012 Chevy Equinox from Auto… Read More

Severson's own Joseph Guzzetta will moderate a panel of experts for The Rutter Group on the California Consumer Privacy Act.  The panel will consist of Mr. Guzzetta of the Firm's San Francisco office, Payal Mehra, the Senior Director of Privacy of RingCentral; and Rick Arney, Boardmember of Californians for Consumer Privacy and co-Author of the California Consumer Privacy Act.  A… Read More

In In re Google Inc., No. 17-1480, 2019 U.S. App. LEXIS 23467, at *2-5 (3d Cir. Aug. 6, 2019), the Court of Appeals for the Third Circuit remanded the Google class action "cy-pres only" settlement back to the District Court for further evaluation. The defendant, Google Inc., created a web browser "cookie" that tracks an internet user's data (think following… Read More

In re Brinker Data Incident Litig., No. 3:18-cv-686-J-32MCR, 2019 U.S. Dist. LEXIS 128573 (M.D. Fla. Aug. 1, 2019), Judge Corrigan allowed a data-breach class action to proceed.  Hackers accessed Brinker's data network and installed malware on point-of-sale ("POS") systems at many Chili's restaurants, which Brinker owns, develops, operates, and franchises.  Brinker publicly announced the breach on May 12, 2018, stating: ”On May… Read More

In Bass v. Facebook, Inc., No. C 18-05982 WHA (JSC), 2019 U.S. Dist. LEXIS 104488 (N.D. Cal. June 21, 2019), Judge Alsup allowed a plaintiff to pursue Facebook for an ID Theft claim.  The facts were as follows: "Access tokens" star in the instant data breach. When a Facebook user logs into Facebook with a specific username and password, that… Read More

In AFGE v. OPM (In re United States OPM Data Sec. Breach Litig.), Nos. 17-5217, 17-5232, 2019 U.S. App. LEXIS 18609 (D.C. Cir. June 21, 2019), the Court of Appeals for the DC Circuit held that ID theft victims represented by their Union had article III standing.  The facts are rather dramatic. As its name suggests, the U.S. Office of… Read More