Tag Archives: California

California Bulks Up Security Breach Notification Requirements

Posted on September 2, 2011 by Hunton & Williams LLP

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute.  The revisions establish new content requirements for breach notification letters to California residents, and mandate notification to the state Attorney General when a breach affects more than 500 Californians.  Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002.  The two previous bills he proposed were passed by the California legislature, but vetoed by former Governor Arnold Schwarzenegger.

Continue reading…

Tags: , , , , , ,

Netflix Backs Amendment to Video Privacy Protection Act

Posted on July 27, 2011 by Hunton & Williams LLP

On July 25, 2011, Netflix stated that it will hold off on the launch of its Facebook integration in the U.S. due to legal issues related to the Video Privacy Protection Act (“VPPA”).  The new Facebook feature would allow Netflix subscribers to share their movie viewing information with friends online.  Netflix indicated in its second quarter shareholder letter that it supports House Bill 2471 (“H.B. 2471”), a proposed bipartisan amendment to the VPPA intended to clarify the consent requirement for sharing consumer video viewing information.  The letter states that “[u]nder the VPPA, it is ambiguous when and how a user can give permission for his or her video viewing data to be shared” and that the VPPA “discourages us from launching our Facebook integration domestically.”  As a result, the company plans to limit the campaign to Canada and Latin America until questions concerning the VPPA are resolved. Continue reading…

Tags: , , , , , , , ,

Class Action Suit Filed Against Cloud Service over Data Breach

Posted on July 22, 2011 by Hunton & Williams LLP

A putative class action complaint filed on June 22, 2011, in the United States District Court for the Northern District of California alleges that the popular cloud-based storage provider Dropbox, Inc. failed to secure users’ private data or to notify the vast majority of them about a data breach.  According to the complaint, Dropbox announced in a blog post on its website that it had “introduced a bug” on June 19, 2011, which allowed users logged in to its system to log into other users’ accounts and access those users’ data stored on Dropbox.  The complaint further claims that Dropbox did not notify most, if not all, of its 25 million users that their information had been compromised.  The complaint defines the plaintiff class as all current or former Dropbox users as of June 19, 2011, whose accounts were breached. Continue reading…

Tags: , ,

Google and GroupMe Lawsuits Claim Group Texting Services Violate TCPA

Posted on June 9, 2011 by Hunton & Williams LLP

On May 27, 2011, a class action complaint was filed in the United States District Court for the Northern District of California against Google and its recently acquired subsidiary, Slide, alleging that they violated the Telephone Consumer Protection Act (“TCPA”) when they sent text messages to people’s cell phones without first obtaining their consent.

Continue reading…

Tags: , , , , ,

Twitter and AmEx Lawsuits Highlight Gap Between Text Message Law and Industry Standards

Posted on June 9, 2011 by Hunton & Williams LLP

In a pair of lawsuits filed against Twitter, Inc. and American Express Centurion Bank, plaintiffs in a California federal court are seeking class-action status to assert claims that the defendants violated the Telephone Consumer Protection Act (“TCPA”) by sending each plaintiff a single text message to confirm that they had processed the plaintiff’s request to opt-out of receiving further text messages.  This litigation highlights a potential vulnerability in the mobile marketing programs of companies that have not fully considered how telemarketing law should inform their implementation of the Mobile Marketing Association’s U.S. Consumer Best Practices (the “MMA’s Best Practices”), the authoritative compilation of policies enforced by the major wireless carriers.

Continue reading…

Tags: , , , , , ,

Court Issues Final Order and Approves Awards in Google Buzz Settlement

Posted on June 3, 2011 by Hunton & Williams LLP

On May 31, 2011, an Order was filed in the District Court for the Northern District of California granting final approval of the Google Buzz class action settlement and cy pres awards for organizations focused on Internet privacy policy or privacy education. Pursuant to the Order, the court adopted the Google Buzz settlement agreement and certified the proposed settlement class, which includes “all Gmail users in the United States presented with the opportunity to use Google Buzz through the Notice Date.” The court also approved the following list of organizations and award amounts for distribution of the cy pres funds to be paid by Google as part of the settlement agreement:

  • American Civil Liberties Union – $7,000,000
  • Berkeley Center for Law & Technology – $500,000
  • Berkeley Law School, Samuelson Law, Technology & Public Policy Clinic – $200,000
  • Berkman Center for Internet & Society at Harvard University – $500,000
  • Brookings Institution – $165,000
  • Carnegie Mellon, Cylab Usability, Privacy & Security Lab – $350,000
  • Center for Democracy & Technology – $500,000
  • Electronic Frontier Foundation – $1,000,000
  • Indiana University, Center for Applied Cybersecurity Research – $300,000
  • Stanford, Center for Internet & Society – $500,000
  • YMCA of Greater Long Beach – $300,000
  • The Electronic Privacy Information Center – $500,000
  • The Markkula Center for Applied Ethics Santa Clara University – $500,000
  • Youth Radio – $50,000
Tags: , , , , ,

FCRA Claim Against Spokeo Allowed to Proceed

Posted on May 26, 2011 by Hunton & Williams LLP

On May 11, 2011, in Thomas Robins v. Spokeo, Inc., the United States District Court for the Central District of California granted in part and denied in part defendant Spokeo, Inc.’s motion to dismiss claims that it violated the Fair Credit Reporting Act (“FCRA”).  The ruling allows the plaintiff to continue his action against Spokeo, a website that aggregates data about individuals from both online and offline sources. Continue reading…

Tags: ,

California Bill Targets Social Networking Privacy

Posted on May 17, 2011 by Hunton & Williams LLP

A new bill proposed in California, the Social Networking Privacy Act (the “Act”), would force social networking websites to establish default privacy settings for their users that prohibit such sites from publicly displaying most information about users without the users’ consent.  Given that many social networking websites currently have default settings that make user personal information and photos public unless the user changes those settings, the Act would represent a fundamental shift in social networking privacy. Continue reading…

Tags: , , , , ,

Gaming Security Breach: “Only on PlayStation?”

Posted on April 28, 2011 by Hunton & Williams LLP

On April 26, 2011, Sony Computer Entertainment America (“Sony”) disclosed an information security breach that may affect up to 77 million consumers.  On Sony’s PlayStation blog, Patrick Seybold, Senior Director of Corporate Communications and Social Media, wrote that an unauthorized person intruded into Sony’s PlayStation Network and Qriocity streaming music and video service between April 17 and April 19, 2011, and may have obtained users’ names, addresses, email address, birthdates, passwords and logins.  Mr. Seybold wrote that “out of an abundance of caution” Sony was advising its users that their credit card information also may have been obtained.  The blog post also noted that Sony is taking steps to address the breach, which include (1) turning off PlayStation Network and Qriocity services, (2) engaging an external security firm to investigate the incident, and (3) enhancing information security and strengthening its network infrastructure.  Sony further advised users to “review your account statements and to monitor your credit reports,” and provided the contact information for the three major credit bureaus in the United States.

Continue reading…

Tags: , , , ,

Court Finds Allegations of Harm Sufficient to Allow Breach-Related Class Action Suit to Proceed

Posted on April 22, 2011 by Hunton & Williams LLP

On April 11, 2011, the United States District Court for the Northern District of California declined to dismiss four of the nine claims in a class action lawsuit filed against RockYou, Inc. (“RockYou”), a publisher and developer of applications used on popular social media sites.  The suit stems from a December 2009 security breach caused by an SQL injection flaw that resulted in the exposure of unencrypted user names and passwords of approximately 32 million RockYou users.  RockYou subsequently fixed the error and acknowledged in a public statement that “one or more individuals had illegally breached its databases” and that “at the time of the breach, the hacked database had not been up to date with industry standard security protocols.”  After receiving notification of the security breach from RockYou in mid-December, on December 28, 2009, a RockYou user who had signed up for a photo-sharing application filed a complaint seeking injunctive relief and damages for himself and on behalf of all other similarly-situated individuals.  

Continue reading…

Tags: , , , ,