California Privacy Rights Act

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices | Consumer Privacy World

The California Consumer Privacy Act (CCPA) currently has limited carve-outs for personal information (PI) collected from a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of a business acting in such capacity (including, without limitation, communications, emergency contact and benefits PI) (HR data). An even broader exception applies to B-to-B communications and related PI (e.g., vendor, supplier and business customer contacts and communications) (B-to-B data). As a result, businesses subject to the CCPA are not currently required to honor CCPA rights requests received from persons concerning HR data and B-to-B data. These carve-outs are set to sunset on January 1, 2023, when the California Privacy Rights Act (CPRA), which substantially amends the CCPA, goes into full effect, at which point HR data and B-to-B data will be fully subject to all of the requirements of the CCPA/CPRA. Many business administrators had hoped that either the California legislature would extend the HR data exceptions (or maybe even make them permanent), or a federal law that limited data subject rights to traditional consumers would pass and preempt CCPA/CPRA. It is now clear that the former is impossible and the latter is highly unlikely. Accordingly, many companies have a lot to do by year-end to prepare to stand up a CCPA/CPRA program for HR data and B-to-B data.
Continue Reading HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail

On August 24, 2022, California Attorney General Rob Bonta issued a press release announcing the first public settlement by the Office of the Attorney General (OAG) involving alleged violations of the CCPA. The settlement involves a judicial judgment, civil penalties and ongoing monitoring and reporting. The use of noncompliance letters to cajole companies into compliance over many months now appears to be a closed chapter in the CCPA saga. Season 2 promises more drama, more action and more money. Entertaining unless you are the next target!
Continue Reading The Cookie Crumbles – Lessons from First California Consumer Privacy Act (CCPA) Monetary Settlement

This week a federal judge in Illinois granted final approval to a $92 million settlement to resolve TikTok privacy multidistrict litigation.  In Re: Tiktok, Inc., Consumer Privacy Litigation (Case: 1:20-cv-04699).  This case is notable for both its large class size and resolution of two dozen privacy litigations which had been previously filed against TikTok and

In a record-setting proposed settlement filed last week, T-Mobile has agreed to pay $350 million and boost its data security by $150 million over the next two years to resolve multidistrict litigation brought by T-Mobile customers whose data was allegedly exposed in a 2021 data breach.  Read on for the terms of the settlement, which may serve as a model in other high stakes data security cases going forward.

Recall that in August 2021, T-Mobile disclosed that it had been the victim of a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information the “Data Event”).  By T-Mobile’s account, no “customer financial information, credit card information, debit or other payment information” was exposed in the attack.  Nevertheless, over 40 putative class action claims were filed seeking damages for the improper disclosure of Plaintiffs’ personal information.  In December 2021, the Judicial Panel on Multidistrict Litigation transferred and centralized the putative class actions into the MDL standing before the Western District of Missouri.Continue Reading T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Online Safety in Digital Markets Needs a Joined Up Approach with Competition Law in the UK

China’s Didi Fined

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FTC Emphasizes Commitment to Protection of Highly Sensitive Data

Federal and State Actions to Protect Robocall Invasion of Consumer

CPW’s Kristin Bryan and Glenn Brown recently jointed James Lee, Chief Operating Officer of the Identity Theft Resource Center (“ITRC”) and Eva Velasquez, Chief Executive Officer of the ITRC to discuss recent developments in privacy laws and privacy litigation.  Their podcast, which addresses recently enacted privacy laws, litigation trends, and what may be on the

This week Plaintiffs in thirteen consolidated cases brought against Accellion and other defendants filed a motion for preliminary approval of a class action settlement in California federal court.  This development is notable for its resolution (if approved) only as to Accellion and for the categories of relief offered to class members.  In re Accellion, Inc.

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

OOPS! And Other Takeaways from the First Draft of CPRA Regulations

Start Vetting Your Data Processors! Key Takeaways From