Skip to Content (Press Enter)

Skip to Nav (Press Enter)

CalCPA

Subscribe to Consumer Finance

Thank you for your desire to subscribe to Severson & Werson’s Consumer Finance Weblog. In order to subscribe, you must provide a valid name and e-mail address. This too will be retained on our server. When you push the “subscribe button”, we will send an electronic mail to the address that you provided asking you to confirm your subscription to our Weblog. By pushing the “subscribe button”, you represent and warrant that you are over the age of 18 years old, are the owner/authorized user of that e-mail address, and are entitled to receive e-mails at that address. Our weblog will retain your name and e-mail address on its server, or the server of its web host. However, we won’t share any of this information with anyone except the Firm’s employees and contractors, except under certain extraordinary circumstances described on our Privacy Policy and (About The Consumer Finance Blog/About the Appellate Tracker Weblog) Page. NOTICE AND AGREEMENT REGARDING E-MAILS AND CALLS/TEXT MESSAGES TO LAND-LINE AND WIRELESS TELEPHONES: By providing your contact information and confirming your subscription in response to the initial e-mail that we send you, you agree to receive e-mail messages from Severson & Werson from time-to-time and understand and agree that such messages are or may be sent by means of automated dialing technology. If you have your email forwarded to other electronic media, including text messages and cellular telephone by way of VoIP, internet, social media, or otherwise, you agree to receive my messages in that way. This may result in charges to you. Your agreement and consent also extend to any other agents, affiliates, or entities to whom our communications are forwarded. You agree that you will notify Severson & Werson in writing if you revoke this agreement and that your revocation will not be effective until you notify Severson & Werson in writing. You understand and agree that you will afford Severson & Werson a reasonable time to unsubscribe you from the website, that the ability to do so depends on Severson & Werson’s press of business and access to the weblog, and that you may still receive one or more emails or communications from weblog until we are able to unsubscribe you.

Judge Davila of the Northern District of California held that the file transfer service was not a "business" under the CCPA and grants defendant's motion to dismiss.  The analysis turns on whether or not defendant determine how or why to process consumer PI. Accellion moves to the dismiss Plaintiffs' CCPA claim on two grounds: (1) Accellion is not a “business”… Read More

On a motion to dismiss, Judge Cormac Carney in the Central District of California discusses whether plaintiff alleged sufficient facts to show that defendant lacked reasonable security procedures for a cause of action under the CCPA: MKS first argues that Plaintiff's CCPA claim must be dismissed because his “threadbare and conclusory” allegations “fail[ ] to allege any facts to support… Read More

In Chien v. Bumble Inc., 641 F. Supp. 3d 913, 927–30 (S.D. Cal. 2022), District Court Judge Gonzalo P. Curiel addressed the sufficiency of California contacts for specific personal jurisdiction in a data privacy case that includes a claim for violation of the CCPA. In the context of a nationally accessible website, “something more” than operating a passive website is… Read More

Judge Larry Alan Burns of the Northern District of California addressed four different arguments on a Motion to Dismiss a CCPA cause of action. Holding No. 1:  allegations that a business failed to utilize alleged industry technology was sufficient to plead a failure to implement and maintain reasonable security measures. [Defendant] argues that the CCPA doesn't impose a duty to… Read More

A District Court in Washington dismissed Plaintiffs' claim for statutory damages because they failed to give pre-suit notice under the CCPA.  The Court dismissed the request for statutory damages without prejudice meaning Plaintiffs can give notice (despite the pending action) and then seek to amend and add back in a request for statutory damages. Plaintiffs ... insist that they seek… Read More

On June 30, 2023, the Sacramento County Superior Court granted Cal Chamber's petition for writ of mandate.  The Court stayed the California Privacy Protection Agency's ability to enforce CPRA regulations for twelve months from implementation.  The regulations that became final on March 29, 2023 may not be enforced by the Agency until March 29, 2024.   Read More

Ruling on a motion to dismiss a claim for violation of the California Consumer Privacy Act, the Hon. Mary M. Rowland of the United States District Court in the North District of Illinois, held: Defendants argue that [Plaintiff] fails to allege a specific action Defendants took or failed to take that breached a duty under the CCPA to maintain "reasonable"… Read More

On August 11, 2022, the CFPB issued a circular on data security and the question "[c]an entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?"  The short answer is "yes." The CFPB highlights specific security measures to minimize risk. In line with the new… Read More

Ruling on Defendant's Motion to Dismiss (Aviva Kirsten v. Cal. Pizza Kitchen, Inc., No. 2:21-cv-09578-DOC-KES (C.D. Cal. July 29, 2022), Judge David O. Carter of the Central District of California held: Defendant argues that Plaintiffs’ CCPA claim fails because Plaintiffs provide no facts to maintain that Defendant failed to maintain reasonable security procedure and practices. Mot. at 20. However, Defendant… Read More

In Wynne v. Audi of Am., No. 21-cv-08518-DMR, 2022 U.S. Dist. LEXIS 131625, at *2-4 (N.D. Cal. July 25, 2022), Judge Ryu found that the CCPA, by itself, does not confer Article III standing under the SCOTUS' TransUnion decision.  The facts of the data breach were as follows: Wynne makes the following allegations in the amended complaint: Defendant Audi is a… Read More

On May 27, 20222, the California Privacy Protection Agency issued its first draft of Proposed Regulations under the California Privacy Rights Act.  The rulemaking timeline is unclear but we expect additional information at the upcoming June 8, 2022 board meeting (agenda: https://cppa.ca.gov/meetings/agendas/20220608.pdf).  The Proposed Regulations can be found here https://cppa.ca.gov/meetings/materials/20220608_item3.pdf  High-level topics in the Proposed Regulations include: Restrictions on the Collection… Read More

Judge David O. Carter, in the Central District of California, made the following findings on a motion to dismiss: the CCPA is not retroactive despite allegations of an ongoing pattern and practice; the CCPA does not include a private right of action for "§§ 1798.100(b), 110(c), and 115(d)"; the "disclosure of consumers’ non-anonymized data was not a result of a… Read More

On a motion to dismiss, Judge Denise Cote of the Southern District of New York, dismissed Plaintiffs' CCPA cause of action.  In re Waste Mgmt. Data Breach Litig., No. 21cv6147 (DLC), 2022 U.S. Dist. LEXIS 32798, at *18-19 (S.D.N.Y. Feb. 24, 2022). [T]he [complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege… Read More

On March 10, 2022, the California Attorney General issued an Opinion letter in response to an inquiry from Assemblymember Kevin Kiley: QUESTION PRESENTED AND CONCLUSION Under the California Consumer Privacy Act, does a consumer’s right to know the specific pieces of personal information that a business has collected about that consumer apply to internally generated inferences the business holds about… Read More

Addressing what constitutes a cure under the current version of the CCPA, Judge Cote in the Southern District of New York, held that: the [Complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege that Waste Management breached its "duty to implement and maintain reasonable security procedures and practices appropriate to the nature… Read More

On October 6, 2021, Governor Newsom signed several new bills into law: AB 1391 Adds section 1724 to the Civil Code and makes it unlawful for anyone to sell or sell access to data that was unlawfully obtained.  Similarly, it is unlawful for anyone to buy or use data that they know, or should know, was unlawfully obtained. AB 694 … Read More

The California Office of the Attorney General (OAG) is responsible for enforcing the CCPA. The OAG began sending notices of alleged noncompliance to companies on July 1, 2020, the first day CCPA enforcement began. Once a company is notified of alleged noncompliance, it has 30 days to cure that noncompliance.  The OAG identified 27 case examples summarizing the alleged violations… Read More

A South Carolina District Court Judge denied Blackbaud's Motion to Dismiss a claim for violation of the California Consumer Privacy Act.  In re Blackbaud_ Inc._ 2021 U.S. Dist. LEXIS 151831 (August 12, 2021). Here, California Plaintiffs adequately allege that Blackbaud qualifies as a "business" under the CCPA. First, they specifically maintain that "Blackbaud and its direct customers determine the purposes… Read More

In Karter v. Epiq Systems, Inc., et al., Judge Carney denied Epiq's Motion to Dismiss the CCPA cause of action. For two reasons, the Court found that Plaintiff sufficiently alleged Epiq is a "business" under the CCPA and therefore, subject to the private right of action.  "First, Plaintiff alleges that in order to perform its services, which it performs pursuant to… Read More

On February 2, 2021, Judge Susan Van Keulen, in the Northern District of California, denied in part and granted in part Defendant's Motion to Dismiss.  Flores-Mendez et al v. Zoosk, Inc. et al. (N.D. CA; 3:20-cv-04929-WHA). Evaluating Article III standing based on Plaintiff's consent to Defendant's online privacy policy and terms of use, the Court held that: [i]f “the contract language… Read More

1 2 3