Tag Archives: California

UK and U.S. Regulators Introduce New Breach Guidance, Notification Forms

Posted on February 3, 2012 by Hunton & Williams LLP

In recent weeks, regulators in California and Illinois have issued guidance on responding to data security breaches, while UK and California authorities released online forms for organizations to use when providing notification of a breach to regulators.

In December 2011, the UK Information Commissioner’s Office (“ICO”) released a new breach notification form, reinforcing its expectation that organizations provide notification whether or not such notification is legally required. Sector-specific breach notification requirements were introduced in the UK by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and since May 2011, public electronic communication service providers have been required to notify the ICO, and in some cases affected individuals, in the event of a data security breach. All other organizations are strongly encouraged to notify the ICO of serious security breaches, and the fact that an incident was reported voluntarily is something the ICO takes into consideration when determining the appropriate enforcement action.

Continue reading…

Tags: , , , , , ,

Massachusetts Court Dismisses ZIP Code Suit for Failure to Allege a Cognizable Injury

Posted on January 12, 2012 by Hunton & Williams LLP

On January 6, 2012, the United States District Court for the District of Massachusetts granted Michaels Stores, Inc.’s (“Michaels”) a motion to dismiss against a customer-plaintiff who alleged that Michaels’ in-store information collection practices violated Massachusetts law. Although the court ruled in Michaels’ favor, it found that customer ZIP codes do constitute personal information under Massachusetts state law when collected in the context of a credit card transaction. The plaintiff’s class action complaint alleged that “Michaels illegally requested customers’ ZIP codes when processing their credit card transactions in violation of” Massachusetts General Laws Chapter 93, Section 105(a) (“Section 105(a)”). Specifically, Section 105(a) states that “[n]o person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form.”

Continue reading…

Tags: , , , , , ,

Netflix Litigation Ordered to Mediation as House Passes VPPA Amendment

Posted on December 15, 2011 by Hunton & Williams LLP

On December 1, 2011, a consolidated litigation against Netflix was ordered to private mediation pursuant to an agreement between the parties. As we previously reported, the plaintiffs allege that Netflix’s practice of maintaining customer movie rental history and recommendations after their subscriptions are cancelled violates the federal Video Privacy Protection Act (“VPPA”). In August 2011, several similar cases against Netflix were consolidated by a federal court in California.

News of the mediation order comes as a significant amendment to the VPPA awaits Senate approval. On December 6, 2011, the House of Representatives passed House Bill 2471 (“H.B. 2471”), which would allow video tape service providers to obtain consumers’ informed, written consent to disclose their personally identifiable information “[i]n advance for a set period of time or until consent is withdrawn.” H.B. 2471 also provides that “informed written consent” may be obtained electronically over the Internet. As we reported earlier this year, concerns regarding potential VPPA violations prompted Netflix to delay the U.S. launch of an integrated service with Facebook that would allow subscribers to share their television and movie viewing information. In July 2011, Netflix’s CEO criticized the VPPA as being “ambiguous” and “poorly drafted.” Discussing H.B. 2471 on the Netflix Blog, the company called on its customers to email Congress “to urge them to pass this modernizing legislation.”

Tags: , , , , , , , ,

Court Dismisses Facebook “Friend Finder” Lawsuit

Posted on November 3, 2011 by Hunton & Williams LLP

On October 27, 2011, the United States District Court for the Northern District of California dismissed claims that Facebook misappropriated users’ names and likenesses in promoting its “Friend Finder” feature. Friend Finder identifies potential “friends” for a Facebook user by matching his or her email contacts with users already registered with Facebook, then presenting the user with friend suggestions. Facebook promoted the feature by displaying the names and profile photos of current friends as examples of users who had found friends with Friend Finder.

Continue reading…

Tags: , , , , ,

California Passes Law Prohibiting Discrimination Based on Genetic Information

Posted on October 24, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog:

California Governor Jerry Brown recently signed into law Senate Bill No. 559 (SB 559), which prohibits discrimination based on an individual’s genetic information. While SB 559 significantly expands the protections from genetic discrimination provided under the federal Genetic Information Nondiscrimination Act of 2008 (GINA), at this time, its impact on most California employers is thought to be limited to the potential for greater damages to be awarded under it than under its federal counterpart.

Continue reading…

Tags: , ,

California Joins the Growing List of States Restricting Employers’ Use of Consumer Credit Reports

Posted on October 21, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog, on October 10, 2011, California became the seventh state to enact legislation restricting public and private employers alike from using consumer credit reports in making hiring and other personnel decisions. Assembly Bill No. 22 both adds a new provision to the California Labor Code — Section 1024.5 — and amends California’s Consumer Credit Reporting Agencies Act (“CCRAA”). Effective January 1, 2012, California employers will be prohibited from requesting a consumer credit report for employment purposes unless they meet one of the limited statutory exceptions, and those employers meeting an exception, will be subjected to increased disclosure requirements. Connecticut, Illinois, Hawaii, Oregon, Maryland and Washington already have similar laws on the books, and many other states, as well as the federal government, are contemplating similar legislation. This trend creates a potential “credit-centric” minefield for employers that do business in any one or more of these states. In light of the multiple laws affecting their use, employers who utilize consumer credit reports in making personnel decisions should proceed cautiously. Employers must evaluate the need for these reports in making personnel decisions, review and modify their policies to ensure compliance with the myriad of regulations in this area, and monitor any new developments to ensure continued compliance.

Continue reading…

Tags: , , , , , , , ,

New Jersey Courts Issue Conflicting Rulings in ZIP Code Collection Cases

Posted on October 18, 2011 by Hunton & Williams LLP

Last month, two New Jersey judges issued opposing decisions in class action lawsuits regarding merchants’ point-of-sale ZIP code collection practices. The conflicting orders leave unanswered the question of whether New Jersey retailers are prohibited from requiring and recording customers’ ZIP codes at the point of sale during credit card transactions.

Continue reading…

Tags: , , , , ,

Online Tracking Practices Face Increasing Scrutiny

Posted on September 9, 2011 by Hunton & Williams LLP

Over the past several weeks, online tracking practices involving the use of Flash cookies and ETags have been the subject of new research studies, class action lawsuits and significant media attention.

Continue reading…

Tags: , , , , , , , ,

California Bulks Up Security Breach Notification Requirements

Posted on September 2, 2011 by Hunton & Williams LLP

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute.  The revisions establish new content requirements for breach notification letters to California residents, and mandate notification to the state Attorney General when a breach affects more than 500 Californians.  Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002.  The two previous bills he proposed were passed by the California legislature, but vetoed by former Governor Arnold Schwarzenegger.

Continue reading…

Tags: , , , , ,

Netflix Backs Amendment to Video Privacy Protection Act

Posted on July 27, 2011 by Hunton & Williams LLP

On July 25, 2011, Netflix stated that it will hold off on the launch of its Facebook integration in the U.S. due to legal issues related to the Video Privacy Protection Act (“VPPA”).  The new Facebook feature would allow Netflix subscribers to share their movie viewing information with friends online.  Netflix indicated in its second quarter shareholder letter that it supports House Bill 2471 (“H.B. 2471”), a proposed bipartisan amendment to the VPPA intended to clarify the consent requirement for sharing consumer video viewing information.  The letter states that “[u]nder the VPPA, it is ambiguous when and how a user can give permission for his or her video viewing data to be shared” and that the VPPA “discourages us from launching our Facebook integration domestically.”  As a result, the company plans to limit the campaign to Canada and Latin America until questions concerning the VPPA are resolved. Continue reading…

Tags: , , , , , , , ,