Tag Archives: California

California Amends Its Data Breach Notification Law…Again

Under this most recent change to California’s breach notification laws (California Civil Code sections 1798.29 and 1798.82), which takes effect January 1, 2017, businesses and agencies subject to the laws can no longer assume that notification is not required when the personal information involved in the breach is encrypted. Under current California law, notification of … Continue Reading

Employers Beware of Phishing Scams

On April 20, 2016, a class action lawsuit was filed in the United States District Court, Southern District of California against Sprouts Farmers Market, Inc. The lawsuit was initiated by a former employee whose W-2 was allegedly disclosed as part of a phishing scam that occurred in late March 2016 amid reports that Sprouts’ employees … Continue Reading

The Inexplicit Requirement and Definitive Necessity for Employers to Implement Privacy Policies

In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on … Continue Reading

Reasonable Data Security Defined by California AG

Last week, California Attorney General, Kamala D. Harris – who has been mentioned as a potential nominee to fill Justice Antonin Scalia’s recently vacated seat on the U.S. Supreme Court – issued the California Data Breach Report (Report).  The Report provides an analysis of the data breaches reported to the California AG from 2012-2015. The … Continue Reading

California Minors Gain Privacy Rights in the Online World

Thanks to a new state law enacted to protect minors from the modern follies of youth, minors in California can ring in the New Year by permanently deleting their regrettable online posts. This so-called “Online Eraser Law” – signed by Governor Jerry Brown on September 23, 2013 – will take effect on January 1, 2015. … Continue Reading

California AB-1710 – Requires Credit Monitoring Information in Data Breach Notice, Including Services Must Last 12 Months and Be Provided at No Cost

California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons … Continue Reading

California Healthcare Provider Defeats Data Breach Class Action on Definition of Medical Information

  In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the information does not include … Continue Reading

California Attorney General Announces More Active Role in Dealing with Data Breaches, and Helpful Guide for Small Business

On Thursday, California Attorney General Kamala Harris announced heightened enforcement concerning data breaches, reports USAToday. AG Harris’ office also issued a Guide that provides recommendations to California businesses, particularly small businesses, to help them protect against and respond to the increasing threat of malware, data breaches and other cyber risks. The circumstances are certainly threatening for small business. According to … Continue Reading

NY Times Article Highlights State Action on Privacy

The New York Times published an interesting front page article by Somini Sengupta on October 31, 2013 about the growing trend of state legislative action on privacy issues, noting that over two dozen privacy laws have passed this year in more than 10 states. The piece also notes that the “patchwork of rules across the country” is … Continue Reading

How Do I Track Thee? Let Me Count The Ways.

California law soon may require commercial websites that collect personal data to disclose how they respond to “Do Not Track” signals from Web browsers. AB 370, an amendment to the California Online Privacy Protection Act (Act), which was sponsored by Attorney General Kamala Harris, passed the California Senate and Assembly at the end of August. Governor Jerry … Continue Reading

California Considers Broader and Tougher Data Disclosure Requirements for Use of Customer Personal Information

In the face of increasing incidences of and rising public concern regarding identity theft, the California Legislature is considering a bill with new personal information data disclosure requirements for California businesses and a broad definition of what constitutes personal information. California Assembly Bill 1291, would require businesses who have customer personal information and have disclosed … Continue Reading

Privacy on the Go: California’s Recommendations for Mobile Device/App Privacy and Security

In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the … Continue Reading

California Employees Get New Rights to Personnel Records Beginning in 2013

California Governor Jerry Brown has signed into law (AB 2674) new requirements specifying when and how employers must respond to their employees’ requests for inspection and copying of their personnel files. The new requirements become effective January 1, 2013. Click here for more information about the new law.… Continue Reading

Don’t Mess With Texas–Amended Law Imposes Breach Notification Obligations In All 50 States

In a novel approach to data breach notification requirements, Texas has amended its breach notification law (Business & Commerce Code, Section 521.053) to require notification to residents of not only Texas, but to residents of each of the 50 states.  The amendment becomes effective September 1, 2012, and applies to “all persons who conduct business … Continue Reading

California and Massachusetts Legislatures Push Data Breach and Security Bills

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.   On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified … Continue Reading
LexBlog