On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing … Continue Reading
Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay … Continue Reading
On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements. Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia … Continue Reading
On May 1, 2019, WSGR held a panel discussing state and federal legislative privacy developments, including the California Consumer Privacy Act (CCPA). The panel, moderated by Chris Olsen, featured Ashkan Soltani, former chief technologist at the Federal Trade Commission (FTC), and Shaundra Watson, the senior director for policy at BSA (The Software Alliance). Here are … Continue Reading
On September 23, 2018, Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the California Consumer Privacy Act (CCPA or the Act). The controversial privacy law, which is set to take effect in 2020, recently sparked a war of words among industry, privacy advocates, and the California Attorney General, each … Continue Reading
California Signs the First IoT Security Bill into Law, and the FTC Submits Comments to the Consumer Product Safety Commission Regarding the IoT California’s New IoT Law On September 28, 2018, California Governor Jerry Brown signed into law a cybersecurity bill governing Internet of Things (IoT) devices, the first law of its kind in the … Continue Reading
In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into law by Governor Jerry Brown. As strict as the act is, it was enacted to avoid … Continue Reading
Many businesses monitor or record customer service, telemarketing, and other telephone calls with consumers to help them improve customer service and for evidentiary reasons. Under federal and many state laws, calls may lawfully be monitored or recorded by businesses as long as those businesses have permission from their employees who participate on the calls. However, … Continue Reading
California Attorney General Kamala Harris recently announced a settlement with Houzz Inc., a home design website, over allegations that the company failed to notify individuals that it was recording their phone calls with the company.1 While the settlement included the payment of $175,000 in penalties and fees, it also included the surprising requirement that Houzz … Continue Reading
On September 17, 2015, California Attorney General Kamala Harris announced a $33 million settlement with Comcast Corp. to resolve an investigation into Comcast’s publishing of phone numbers that consumers had paid the company not to publish.1 Notably, the settlement is the largest privacy settlement on record to date, surpassing the recent $25 million settlement the … Continue Reading
By Wendell Bartnick and Joseph Molosky on Posted in Cybersecurity
Prompted by data breaches affecting large retailers in the United States, the California legislature recently passed Assembly Bill 1710 (A.B. 1710) to update the state’s breach notification law to require breached entities to provide free credit monitoring services to affected individuals following certain types of data breaches. This change, effective January 1, 2015, was recommended … Continue Reading
In keeping with its position as the nation’s leader on privacy issues, the state of California recently enacted significant new laws on student privacy and education data. The Student Online Personal Information Protection Act (SOPIPA) sets forth a variety of restrictions on how operators of online services offered in schools can use and disclose student … Continue Reading
A proposed California law, the Consumer Data Breach Protection Act (A.B. 1710),1 has the potential to upend the calculus of determining liability after retail data breaches, create additional data security requirements for retailers and other consumer-facing businesses operating in California, and establish new standards for data breach reporting for breaches affecting California residents. The bill, … Continue Reading
Kaiser Foundation Health Plan, Inc. (Kaiser) recently agreed to settle charges brought by California Attorney General Kamala Harris alleging that Kaiser, a component of Kaiser Permanente, the largest health maintenance organization in the U.S., violated California’s unfair competition law by taking too long to notify more than 20,000 current and former employees that their personal … Continue Reading
California, which enacted the pioneering security breach notification law in 2002, again has taken the lead in security breach notification legislation. In an effort to protect consumers against unauthorized access to their online accounts, California has extended its security breach notification law to cover individuals’ online account credentials (i.e., a user name or email address, … Continue Reading
