On Thursday, California Attorney General Xavier Becerra released draft regulations implementing the California Consumer Privacy Act (CCPA). The regulations provide the first glimpse into how the Attorney General interprets the sprawling law, which is slated to go into effect on January 1.

The new regulations cover seven topics:

  1. Notices to Consumers: The draft regulations clarify

In June of this year, California passed the California Consumer Privacy Act (CCPA) giving California residents specific rights related to their online privacy, similar to those proscribed by GDPR. The law was passed hastily to avoid a stricter ballot measure on the subject, but Governor Brown recently signed a bill amending the law.

Many

Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again.

This November 6th, California voters will decide on the California Consumer Privacy Act (“Act”), a statewide ballot proposition intended to give California consumers more “rights” with respect to personal information (“PII”) collected from or about them.  Much like CalOPPA, California’s Do-Not-Track and Shine the Light laws, the Act will have broader consequences for companies operating nationwide.

The Act provides certain consumer “rights” and requires companies to disclose the categories of PII collected, and identify with whom the PII is shared or sold. It also includes a right to prevent the sale of PII to third parties, and imposes requirements on businesses to safeguard PII.  If passed, the Act would take effect on November 7, 2018, but would apply to PII collected or sold by a business on or after nine (9) months from the effective date – i.e., on August 7, 2019.

Who is Covered?

The Act is intended to cover businesses that earn $50 million a year in revenue, or businesses that “sell” PII either by (1) selling 100,000 consumer’s records each year, or (2) deriving 50% of their annual revenue by selling PII. These categories of businesses must comply if they collect or sell Californians’ PII, regardless of whether they are located in California, a different state, or even a different country.
Continue Reading

Western UnionLast week, California became the 50th state to join the multistate settlement with Western Union over its alleged complicity in fraud-induced wire transfers.  This followed Western Union’s $5 million agreement with 49 state and the District of Columbia for costs and fees in January, not to mention a whopping $586 million in settlement agreements

On Monday, a California federal judge enforced the California choice-of-law clause in Facebook’s online terms of use, and on that basis refused to consider the claims of a New Jersey resident that aspects of those terms of use violated New Jersey’s consumer contract disclosure law, the Truth-in-Consumer Contract, Warranty, and Notice Act (“TCCWNA”).  The decision

Last week, California Governor Jerry Brown signed into law three bills that revise California’s data breach notification statute. The bills, which take effect January 1, 2016, establish specific formatting requirements for the consumer breach notice letter; define “encrypted”; and create notice, security, and privacy obligations for data captured by automated license plate recognition (ALPR) systems.

Last week, California Governor Jerry Brown signed into law A.B. 1116, prohibiting manufacturers’ use of smart televisions’ voice recognition feature for advertising purposes. Effective January 1, 2016, consumers must be “prominently informed” during initial set-up or installation of the operation of a voice recognition feature, and any recordings collected through the operation of the

Yesterday, the California Public Utilities Commission announced it had approved a $33.4 million settlement with Comcast, which resolves allegations that, due to vendor switches, the company disclosed and published the contact information – name, address, and telephone number – of almost 75,000 California customers. Although the information published included contact information only, the affected customers

Last week, Lands’ End tried a second time to dismiss a “Made in U.S.A.” class action with the novel argument that, because the company had already reimbursed the plaintiff for the necktie she purchased, she is not injured and lacks standing.

As background, in October 2014, plaintiff Elaine Oxina filed the putative class action in