California Privacy Update: SB-1121 and the Consumer Privacy Act

As Californians gear up to vote in this week’s primary elections, the state’s businesses and voters should be aware of two separate privacy law developments: SB-1121 and the Consumer Privacy Act.

SB-1121 and Increased Liability for Data Breaches

On May 30, 2018, the California Senate recently voted to send SB-1121 to the state Assembly. The proposed amendment to the state’s current data breach laws (codified at Sections 1798.80-1798.84 of the Civil Code) would increase corporate liability for data breaches. The key provisions are as follows:

  • California “consumers,” not just “customers,” will be able to sue businesses under California’s data-breach protection laws. Under the existing rules, a California resident can only sue a business for a data breach if it provided information to the business for the purpose of buying products or services. This amendment would cover all businesses that maintain the personal data of California residents, regardless of the relationship between the business and the resident. The expansion of liability to consumers is in part responsive to the Equifax hack. In that situation, the credit agency reported that the records for about 148 million Americans were compromised, but very few of those people would be considered “customers” of Equifax.
  • California residents will be able to sue for a minimum of $200 in penalties per violation, without proof of consumer injury. This poses the risk of large-scale consumer class actions, for even minor data breaches, even where no one was harmed by the breach.
  • SB-1121 sets a 4-year statute of limitations “from the time the person discovered, or, through the exercise of reasonable diligence, should have discovered” a data privacy violation.Continue Reading California Privacy Update: SB-1121 and the Consumer Privacy Act

American Privacy Laws in a Global Context: Predictions for 2018

Should putative class members have privacy rights in class action claims under the CCPA?
Image Credit: kmicican from pixabay.com

[Originally published as the May 2018 Cover Story: Data Privacy and the Law – American Privacy Laws in a Global Context: Predictions for 2018, by Lily Li, in Orange County Lawyer Magazine, May 2018, Vol. 60 No.5.]

Cybersecurity Attacks Are Inevitable

Cybersecurity attacks are on the rise. According to the non-profit organization, Identity Theft Resource Center, there were over 1,579 publicly reported data breaches in 2017, compared to 1,091 in 2016, and 780 in 2015. Not only are these cyberattacks happening at high-profile companies like Equifax, Uber, and Yahoo, they are increasingly happening to businesses of all sizes. Any entity able to pay a ransom is now a potential target.

Law firms are no exception. In 2017, DLA Piper was hit with a “wiper-ware” attack, following previous email hacks of Cravath and Weil Gotshal in 2016. Earlier this year, UK-based cybersecurity firm, RepKnight, reported that almost 800,000 UK law firm email addresses and affiliated passwords were available on the dark web, with over 50% of these credentials posted in the last six months. These law firms did not just include local UK firms, but global law firms with a UK presence.

Given these alarming statistics, what should legislators do?

In the EU, Canada, and China, legislators have decided to develop and implement national data privacy and cybersecurity frameworks: GDPR, PIPEDA, and CSL respectively. The United States, by contrast, still relies upon a patchwork of sectoral laws and inconsistent state rules. This article will take a brief look at developments in the EU, Canada, and China, discuss the current United States privacy framework, and predict likely developments in U.S. privacy law over the next year.Continue Reading American Privacy Laws in a Global Context: Predictions for 2018

Chatbot Contracts: Enforcing TOS Agreements in Computer-Generated Conversations

[Originally published by Lily Li in the Spring 2017 Orange County ABTL Report]

Humanity has long imagined self-aware computers that can pilot our vehicles, purchase goods, and even sing songs for us, whether as the malevolent Hal in 2001: A Space Odyssey or the spunky Samantha in Her. Though fully sentient artificial intelligence is still science fiction (as far as we know), computer software has become “smart” enough to converse with us through text-based services like Facebook messenger, WhatsApp, or WeChat, or voice-operated services like Amazon’s Alexa or Apple’s Siri. As more e-commerce transactions are completed via these “chatbots” or “chatterbots” and away from browser-based websites, this begs the question: Will courts enforce the Terms of Service for chatbot contracts when the terms no longer appear on the same page – or even the same medium – as the transaction itself?
Continue Reading Chatbot Contracts: Enforcing TOS Agreements in Computer-Generated Conversations

Help! What Are My (Immediate) Defenses to a Federal Trade Secret Claim?

[Originally published as Help! What Are My (Immediate) Defenses to a Federal Trade Secret Claim?, by Lily Li and Andrea Paris, in Orange County Lawyer Magazine, September 2016, Vol. 58 No.9 on page 52.]

The Defend Trade Secrets Act of 2016 (DTSA), signed into law by President Obama on May 11, 2016 creates a new federal cause of action for trade secret theft. Not only does the DTSA open the doors of the U.S. district courts to trade secret plaintiffs, it weaponizes complaints. Now, upon a showing of immediate and irreparable injury, plaintiffs in trade secret cases can request extraordinary relief: court-ordered seizure of the misappropriated trade secrets without notice to the defendant. This relief is above and beyond what is provided for by the Uniform Trade Secrets Act (UTSA), the trade secret law adopted by most states, including California, and copies many of the civil seizure remedies previously available to copyright, trademark, and patent plaintiffs for infringing and counterfeit goods.
Continue Reading Help! What Are My (Immediate) Defenses to a Federal Trade Secret Claim?

1 9 10 11 12