On February 4, 2013 a sharply divided California Supreme Court held in Apple, Inc. v. Superior Court (Case No. S199384) (“Apple”) that the Song-Beverly Credit Card Act (the “Act”) does not apply to online purchases in which products are downloaded. The Act prohibits retailers from requesting or requiring consumers to provide personal identification information (“PII”) […]
James Denvil, an associate in our Washington office, contributed to this entry. This week, Washington lawmakers and California’s Attorney General focused their attention on mobile privacy. The Senate Judiciary Committee is considering a measure that would establish legal requirements for apps that collect or share location information from mobile devices. A Democratic congressman released for […]
On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.
A new law that amends the California Confidentiality of Medical Information Act (CMIA) may provide some relief to HIPAA covered entities and business associates, some of whom have faced class action lawsuits seeking millions in statutory damages under the CMIA for large-scale data breaches. The changes to the CMIA are summarized in this entry.
California has become the latest state to pass a law prohibiting employers from requesting access to employees’ and job applicants’ social media information or accounts.
A new agreement this week between mobile app platform operators and the California Attorney General effectively creates enforceable, nationwide mobile app privacy standards that companies will need to follow going forward.
The California Attorney General recently launched an on-line form for businesses to report breaches of security, which is described in this entry.
A new amendment to California’s security breach notification statute establishes specific content requirements for data breach notifications and imposes a new Attorney General notification requirement for breaches affecting more than 500 California residents.
The U.S. Court of Appeals for the Ninth Circuit held on August 6, 2009 that standing for private plaintiffs under the CAN-SPAM Act is limited. Judge Richard Tallman, who authored the court’s opinion in Gordon v. Virtumundo, Inc., No. 07-35487 (Aug. 6, 2009, 9th Cir.), noted that this was the first case in which the […]