On October 8, 2015, California Governor Jerry Brown signed the California Electronic Communications Privacy Act (CalECPA) into law. This law basically prevents the government from accessing private electronic communications or electronic data without a warrant, subpoena or wiretap order, or without consent of the appropriate individual. State Senator Mark Leno explained the impetus for seeking to pass this legislation: “For what logical reason should a handwritten letter stored in a desk drawer enjoy more protection from warrantless government surveillance than an email sent to a colleague or a text message to a loved one?” Kim Zetter, “California Now Has the Nation’s Best Digital Privacy Law,” WIRED Magazine, Oct. 8, 2015.
As the Electronic Frontier Foundation summarized, “CalECPA protects Californians by requiring a warrant for digital records including emails and texts, as well as a user’s geographical location.” Dave Maass, “Victory in California! Gov. Brown signs CalECPA, Requiring Police to Get a Warrant Before Accessing Your Data,” Electronic Frontier Foundation, Oct. 8, 2015.
The law focuses on two kinds of data sets: “electronic communication information” and “electronic device information.” 2015 Cal. Stat. Ch.651.
Many of the top stories last year related to data breaches – from the Target breach during the Christmas Shopping Season (Dec. 2013: Prior Post, Small Business Magazine article; additional news coverage) to the UPS Store data breach during the summer (Aug. 21, 2014) to, more recently, the intentional hacking of Sony Pictures’ servers (Nov. 24, 2014) and Staples’ data breach (Dec. 19, 2014).
It would be easy to believe that data security breaches happen only to large organizations, but such a belief would be mistaken. In the last year, a number of smaller companies have experienced breaches of the records they maintain. These can occur in at least two ways – 1) they may be the third-party vendor through whom hackers invade a larger company like Target or Home Depot; or 2) they use a third-party vendor who experiences a breach that impacts the smaller company’s customers.
On October 9, 2014, a class action complaint was filed in the U.S. District Court for the Northern District of California alleging that LinkedIn violated the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., (“FCRA”) by offering to subscribers reports containing “Trusted References” without complying with the FCRA’s requirements to keep the data safe from disclosure. Sweet v. LinkedIn Corp., Civ. A. No. 5:14-cv-04531 (N.D. Cal. filed Oct. 9, 2014) (available at Law360 – subscription required).
Specifically, the complaint alleges that LinkedIn: 1) failed to comply with the certification and disclosure requirements of the FCRA for credit reporting agencies who furnish consumer reports for employment purposes; 2) failed to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FCRA and to assure the maximum possible accuracy of these reports; and 3) failed to provide the notices required by the FCRA to users of the consumer reports. Id. at 2. Plaintiffs seek both damages for past violations and injunctive relief to prevent the continued misuse of these reports in violation of the FCRA. Id.
Many companies have document retention policies – in other words, policies determining how long they will keep certain kinds of documentation. These policies also frequently cover when documents may be destroyed in the normal course of business. (Assuming, of course, that no litigation is pending and that there is no other reason why the company would be legally obligated to keep these documents.) It’s almost a business necessity these days given the cost of document storage.
It is also a fairly safe bet that by now, most people have heard about the potential risks associated with data breaches, or at the very least, have heard about the Target data breach during the holiday season in 2013.
However, did you know that many states regulate how personal information can be destroyed? Or, more specifically, how documents and records that contain such personal information may be discarded? To date, at least thirty-one states have enacted laws like this (the link attached omits the Delaware law that was just enacted).
More articles on IP and privacy issues will be posted here soon, but in the meantime, here are several recent articles that have been published in other media:
- Participated in a panel discussion on Shutting Down Rogue Websites: International and Domestic Solutions, before the ABA Section of Intellectual Property Law’s 29th Annual IP Conference, on April 3, 2014. An article previewing the session was published by our law student reporter, Anna Oakes, who live-tweeted during the presentation (in accordance with the law student reporter program). I re-tweeted relevant posts about our session that she and other law student reporters tweeted (see @PaTmLawyer). An article and presentation slides were published in connection with this session, but they are only available to meeting attendees.
- Interviewed by Smart Business Magazine, How to protect data security and customers’ trust, published on March 31, 2014. This article briefly describes ways that companies can begin to plan ahead for potential breaches so that their response(s) to breaches can be carefully considered and (hopefully) well-executed.
In addition, on May 9, I will be presenting during the DRI’s Intellectual Property Litigation Seminar on the ability to recover attorney fees in copyright and trademark cases. The article and presentation slides developed on this topic will be available to meeting attendees.
Following these presentations, more blog posts will begin to appear again. What can I say? It’s been a busy spring.
Stay tuned – more soon.