Press "Enter" to skip to content

Posts tagged as “Privacy”

And They’re Off! Multiple States Charging Ahead With Privacy Legislation    

As California Attorney General Xavier Becerra advises consumers of all their new rights under the California Consumer Privacy Act (CCPA), multiple states are introducing their own privacy acts, some of which are remarkably similar to the CCPA.  The most-watched privacy legislation is perhaps in Washington State, described below, which very nearly passed its Privacy Act last year.

2019: A Watershed Year for Consumer Financial Services Law

It has been an extraordinary 365 days for consumer financial services law. I cannot recall a year where so many states introduced legislation or proposed regulations or rules impacting the credit industry. At the federal level, proposed rules for the Fair Debt Collection Practices Act were (finally) released and California also proposed regulations under the California Consumer Privacy Act.

2019 Bankruptcy Year in Review: What We Have Seen and What to Expect in 2020

The year 2020 offers to be an interesting one for bankruptcy litigation. With several issues before the Supreme Court, at least one will have a material effect on financial services. In addition, higher credit costs will spur an increase in the number of bankruptcy filings, both on the consumer and commercial side. With the California Consumer Privacy Act taking effect on Jan. 1, it will not be long before we see issues arising from it percolating into bankruptcy cases. 

The 2019 Privacy Legislation Bomb Cyclone

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and introduced privacy concepts that were new to some U.S. businesses.  Fortunately, the GDPR was developed over a period of time that allowed for thoughtful deliberation and careful drafting. The California Consumer Privacy Act (CCPA), on the other hand, was speedily enacted under the threat of a ballot initiative.

Illinois Legislature Passes Amendments to Data Breach Notification Law

On June 25, the Illinois Legislature sent Senate Bill 1624 to Gov. J. B. Pritzker.  The legislation adds a requirement to Illinois’ data breach notification law to notify the attorney general in the event of certain data breaches.  The bill will become law if not returned by the governor by Aug. 24, 2019. The legislation would amend the Personal Information Protection Act, 815 ILCS 530/10, by requiring that any data collector who must inform more than 500 Illinois residents of a data breach also provide notice to the attorney general describing: the nature of the breach; the number of affected residents;…

Texas Enacts Amendments to Data Breach Notification Law; Creates Privacy Protection Advisory Council

On June 14, Texas Gov. Greg Abbott signed into law House Bill 4390 which amends the notification requirements of Texas’ data breach law and creates an advisory council to study data privacy laws generally.  The provisions become effective Jan. 1, 2020. Currently, a person conducting business in Texas who “owns or licenses computerized data that includes sensitive data” must disclose the breach to any affected individual “as quickly as possible.”  Tex. Bus. & Com. Code § 521.053(b). The amendments will require the disclosure “be made without unreasonable delay and in each case not later than the 60th day after the…

9th Cir. Holds ‘Unlawful Information Collection and Sharing’ Class Action Improperly Removed Under CAFA

In a 2-1 decision, the U.S. Court of Appeals for the Ninth Circuit held that a putative class action against state entities and a private contractor for allegedly collecting and sharing personal data without authorization was essentially a local controversy and was therefore correctly remanded to state court under an exception in the federal Class Action Fairness Act (CAFA). Accordingly, the Ninth Circuit affirmed the ruling of the trial court remanding the matter to state court. A copy of the opinion in Kendrick v. Conduent State and Local Sols. is available at:  Link to Opinion. The plaintiffs sought to maintain an action in…

California Enacts Consumer Privacy Act of 2018

On June 28, California passed into law the California Consumer Privacy Act of 2018, which becomes operative on Jan. 1, 2020. As with the EU’s General Data Protection Regulation, the Privacy Act gives consumers greater control over the use and sharing of their personal information. The Privacy Act allows a consumer to request that a business disclose: the categories and specific pieces of personal information that it collects about the consumer; the categories of sources from which that information is collected; the business purposes for collecting or selling the information; the categories of third parties with which the information is…

CD Calif. Cites Lack of Clear Regulatory Guidance in Dismissing ADA Claims Relating to Website Accommodations for Visually-Impaired

The U.S. District Court for the Central District of California recently dismissed a claim brought under the federal Americans with Disabilities Act (ADA) brought by a visually-impaired plaintiff who alleged that the defendant pizza company’s website did not permit users to complete their purchases using a screen-reading software program.  The plaintiff also alleged that the company’s mobile app did not allow him to access the menu on his iPhone using a particular software. In dismissing the action without prejudice, the Court concluded that there were no regulations clarifying what web accessibility accommodations are required under the ADA.  Thus, the Court…

8th Cir. Reverses Data Breach Class Settlement, Holds Appellate Bond Not to Include Delay-Based Administrative Costs

In a data breach putative class action, the U.S. Court of Appeals for the Eighth Circuit recently held that the trial court had not conducted the required “rigorous analysis” of Federal Rule of Civil Procedure 23(a)’s class certification prerequisites when certifying the settlement class or when evaluating arguments raised by class objectors. Additionally, the Eighth Circuit also reversed the trial court’s ruling on the amount of the appeal bond, holding that an appellate bond should not include costs associated with delays in administering a class action settlement while the matter was on appeal. A copy of the opinion in Jim…

7th Cir. Upholds Dismissal of Unlawful Data Retention Claim Under Spokeo

The U.S. Court of Appeals for the Seventh Circuit recently held that although a consumer’s suit against a cable service provider for failing to destroy his personal information was a substantive violation of the federal Cable Communications Policy Act, it failed to allege a concrete injury sufficient to confer standing.