As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass.  Proposition 24 under the California General Election, as of the information available to us at the time

On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL).   The package included not only the final text of the regulations, but also the final statement of reasons for amendments to the previous drafts. There have been multiple rounds of drafts

On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot.  This version of

On April 30, 2020, U.S. Sens. Roger Wicker (R-MS), chairman of the Senate Committee on Commerce, Science, and Transportation, John Thune (R-SD) chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, Jerry Moran (R-KS), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Marsha Blackburn (R-TN),  announced plans

Last Friday, October 11, 2019, one day after the California Attorney General issued proposed regulations to implement the California Consumer Privacy Act of 2018 (“CCPA”), the California Governor, Gavin Newsom, announced that he signed all five of the September 2019 legislative amendments to the CCPA into law.  Those amendments include AB-25, AB-874, AB-1146, AB-1355, and

The FTC is seeking public comment on a petition by Sear’s to reopen and modify its 2009 consent order to restrict the broad definition of “tracking application”.

Background.  In 2009, the FTC issued an order settling charges that Sears Holdings Management Corporation (“Sears”) had failed to adequately disclose the scope of consumers’ personal information

This month, the Federal Trade Commission (FTC) issued guidance for businesses operating websites and online services looking to comply with the Children’s Online Privacy Protection Act (“COPPA”). COPPA addresses the collection of personal information from children under 13.  Importantly, the determination of whether a business’s website is “directed to children under 13” (and thus subject

Target Corporation has reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the investigation into the retailer’s 2013 data breach, officials announced on May 23, 2017. The 2013 data breach incident triggered various state consumer protection and data breach laws when hackers accessed consumer data for over 110 million

Today, Vizio, Inc., agreed to pay $2.2 million to settle charges by the FTC and the New Jersey Attorney General that it installed software on its Smart TGVS to collect viewing data on 11 million consumer televisions without the consumers’ knowledge or consent. The $2.2 million payment includes a $1.5 million payment to the FTC,

computer securityCourts and litigants find themselves standing on the precipice of Spokeo v. Robins, a monumental Supreme Court decision that could have potentially wide-ranging implications for data breach cases. Given the Court’s holding in Spokeo that a plaintiff must allege and prove more than just “a bare procedural violation” to satisfy the “concrete injury” component of standing’s injury-in-fact requirement, it may prove difficult for data-breach plaintiffs to survive challenges to their allegations of standing. For example, even if a consumer’s data has been stolen, a third party (such as a bank) may ultimately pay for any out-of-pocket losses (for instance, in the case of stolen credit card numbers). Thus, in the absence of any actual monetary losses, which is often the case, plaintiffs are forced to rely on allegations of an increased likelihood of fraud or identity theft. But as the initial influx of post-Spokeo cases make clear, plaintiffs must establish that their risk of future harm is more than speculative, a leap which some courts have been reluctant to take.
Continue Reading Standing on the Precipice: The Actual Injury Requirement After Spokeo