Photo of Alysa Zeltzer Hutnik

Email
(202) 342-8603
Bio

On Tuesday, the New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, Inc. over allegations that the company failed to adequately respond to years of cyberattacks that compromised customers’ online accounts.

According to the lawsuit, Dunkin’ customers with “DD Perks” accounts were first targeted in early 2015 in a series of “credential

On August 30th, the California legislature passed a bill to continue the employee and business-to-business (B2B) exemptions contained in the CCPA for another year. Currently, the CCPA provides two limited exemptions for employee and B2B information, whereby this information is excluded from most CCPA requirements. Both of these exemptions become ineffective January 1, 2021. Assembly

The California Office of Administrative Law today approved the CCPA Regulations that the California Attorney General submitted in June, and the regulations are effective immediately. As we discussed here, the now-final regulations, for the most part, substantively match those that the AG released in March, with a few notable changes.

Significantly, the AG

It has been more than two years since the D.C. Circuit found the Federal Communications Commission’s (the “FCC”) discussion of predictive dialers and other equipment alleged to be an automatic telephone dialing system (“ATDS,” or “autodialer”) to “offer no meaningful guidance” on the question. In the absence of an FCC ruling on the remand, multiple

The replay for our July 30, 2020 California Consumer Privacy Act (CCPA) for Procrastinators: What You Need To Do Now If You Haven’t Done Anything Yet webinar is available here.

The coronavirus pandemic has put many things on hold, but CCPA enforcement is not one of them. The California Attorney General’s enforcement authority kicked

On July 22, the New York Department of Financial Services (DFS) announced the first enforcement action under its new Cybersecurity Regulation, which requires that businesses registered or licensed by DFS comply with a number of robust cybersecurity requirements. The action involves First American Title Insurance Company and, according to the Statement of Charges and Notice

January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA).  As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes of action under the new law.

Here, we provide an update on material developments in that first wave of claims and report on additional private lawsuits commenced in the first half of the year.  We have further categorized the recently-filed cases based on those stemming from a data breach versus not.  In the latter category, the cases are further split based on the underlying alleged violations – last quarter, non-breach based claims related to the disclosures and opt-out mechanisms required by the CCPA as well as the scope of “personal information” covered by the CCPA.

1. Update on Cases Reported in Q1 2020


Continue Reading CCPA Litigation Round-Up: Q2 2020

On July 16, the European Court of Justice (CJEU) issued a highly-anticipated decision evaluating the validity of two popular mechanisms for transferring personal data from the EU to the United States: Privacy Shield and Standard Contractual Clauses (SCCs). The Court struck down Privacy Shield, but upheld the validity of SCCs – although not without providing

On July 9, 2020, the Supreme Court granted Facebook’s petition for certiorari in a case with potentially broad implications for both class action litigation and business communications with their current and potential customers.  The Supreme Court’s disposition of Facebook’s petition may settle the complex question of what qualifies as an automatic telephone dialing system (“ATDS”) under the Telephone Consumer Protection Act, 47 U.S.C. § 227, et seq. (“TCPA”).

The TCPA prohibits telemarketing calls to be placed using an ATDS without the requisite level of prior consent.  Thus, the definition of what technology qualifies as an ATDS is often a fundamental, threshold question upon which TCPA litigation turns.  Prior to 2015, the FCC had offered various, sometimes vague, interpretations of the term.  In 2015, the FCC offered an expansive definition, which was set aside in March 2018 in the ACA International decision.  While the issue has been before the FCC on remand for over two years now, courts nevertheless engaged in their own analysis of the statute, resulting in a broadening Circuit split on how the law is interpreted and applied and divergent outcomes based on the court in which the case is filed.  Now the Supreme Court is poised (potentially) to resolve that dispute.
Continue Reading Supreme Court to Weigh-in on the Definition of an Autodialer Under TCPA

On July 6, 2020, in a 7-2 decision, the Supreme Court upheld the constitutionality of the TCPA, but severed as unconstitutional the government debt exception.  William P. Barr et al. v. American Association of Political Consultants et al., Case No. 19-631 (2020).  Our preview of the Supreme Court’s consideration of the Barr case can