Photo of Tara Marciano

Email
(212) 808-7542
Bio

January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA).  As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes of action under the new law.

Here, we provide an update on material developments in that first wave of claims and report on additional private lawsuits commenced in the first half of the year.  We have further categorized the recently-filed cases based on those stemming from a data breach versus not.  In the latter category, the cases are further split based on the underlying alleged violations – last quarter, non-breach based claims related to the disclosures and opt-out mechanisms required by the CCPA as well as the scope of “personal information” covered by the CCPA.

1. Update on Cases Reported in Q1 2020


Continue Reading CCPA Litigation Round-Up: Q2 2020

Earlier this month, we offered our analysis and takeaways from a Magistrate Judge’s decision that defendant Capital One was required to produce a third-party data breach assessment report as part of ongoing consumer litigation.  Available here.  Not surprisingly, Capital One appealed that order.  On June 25, 2020, District Court Judge Anthony Trenga affirmed the

Following a data breach, companies generally launch an investigation to determine the source and scope of the breach. These efforts are often led by in-house privacy, compliance, and/or litigation counsel with an eye firmly planted on the legal claims that might be asserted, or need to be defended, as a result of that breach. Often key to any data breach investigation is an incident response consultant that helps determine the scope and analyzes the causes of a potential breach. Many companies expect that any reports by, or communications with, the consultant would be protected by the attorney-client privilege and/or work product doctrine, which would shield relevant materials from production during any governmental investigations or third-party litigation that arise from the event. Recently, however, a federal court compelled production of just such a breach report and related documents, calling into question the scope of that protection for data breaches and possibly other corporate investigations.

This post discusses the background and rationale that led to the Court’s finding and offers our advice concerning steps that should be taken to maximize the potential scope of protection for consultant reports in data breach investigations and other corporate investigations.
Continue Reading Lessons Learned for Maintaining Attorney-Client Privileged Data Breach Investigation (and other Consultant) Reports

Ad Law Access Podcast - Operationalizing CCPACCPA compliance is a cross-functional exercise that requires active participation and buy-in from business units across the organization to tackle data mapping, work flows and employee training. On the latest episode of the Ad Law Access Podcast, special counsel Tara Marciano and associates Carmen Hinebaugh and Alexander Schneider discuss the ongoing challenges of operationalizing CCPA

While the Copyright Act has a three-year statute of limitations, most courts follow the “discovery rule,” pursuant to which “an infringement claim does not ‘accrue’ until the copyright holder discovers, or with due diligence should have discovered, the infringement.” See, e.g., Psihoyos v. John Wiley & Sons, Inc., 748 F.3d 120, 124  (2d

As we have previously advised, the Trump Administration is targeting the sale of counterfeit goods on e-commerce platforms. Early this year, the Department of Homeland Security issued its report to the White House on “Combating Trafficking in Counterfeit and Pirated Goods,” in response to which the White House entered its Executive Order aimed at blocking

The California Consumer Privacy Act (CCPA) took effect January 1, 2020.  While the California Attorney General’s enforcement authority is delayed until July 1, private litigants have already started to file direct claims under the CCPA as well as other consumer-related causes of actions predicated on alleged CCPA violations.  Notably, the California Attorney General takes the

Effective March 21, 2020, the New York SHIELD Act imposes data security requirements on most businesses that own or license computerized data that includes the “private information” (defined below) of New York residents. In sum, such businesses must develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of that private information.