Skip to Content (Press Enter)

Skip to Nav (Press Enter)

Privacy

Subscribe to Consumer Finance

Thank you for your desire to subscribe to Severson & Werson’s Consumer Finance Weblog. In order to subscribe, you must provide a valid name and e-mail address. This too will be retained on our server. When you push the “subscribe button”, we will send an electronic mail to the address that you provided asking you to confirm your subscription to our Weblog. By pushing the “subscribe button”, you represent and warrant that you are over the age of 18 years old, are the owner/authorized user of that e-mail address, and are entitled to receive e-mails at that address. Our weblog will retain your name and e-mail address on its server, or the server of its web host. However, we won’t share any of this information with anyone except the Firm’s employees and contractors, except under certain extraordinary circumstances described on our Privacy Policy and (About The Consumer Finance Blog/About the Appellate Tracker Weblog) Page. NOTICE AND AGREEMENT REGARDING E-MAILS AND CALLS/TEXT MESSAGES TO LAND-LINE AND WIRELESS TELEPHONES: By providing your contact information and confirming your subscription in response to the initial e-mail that we send you, you agree to receive e-mail messages from Severson & Werson from time-to-time and understand and agree that such messages are or may be sent by means of automated dialing technology. If you have your email forwarded to other electronic media, including text messages and cellular telephone by way of VoIP, internet, social media, or otherwise, you agree to receive my messages in that way. This may result in charges to you. Your agreement and consent also extend to any other agents, affiliates, or entities to whom our communications are forwarded. You agree that you will notify Severson & Werson in writing if you revoke this agreement and that your revocation will not be effective until you notify Severson & Werson in writing. You understand and agree that you will afford Severson & Werson a reasonable time to unsubscribe you from the website, that the ability to do so depends on Severson & Werson’s press of business and access to the weblog, and that you may still receive one or more emails or communications from weblog until we are able to unsubscribe you.

In Patterson v. Med. Review Inst. of Am., LLC, No. 22-cv-00413-MMC, 2022 U.S. Dist. LEXIS 111617, at *5-8 (N.D. Cal. June 23, 2022), Judge Chesney surveyed California law on the subject and dismissed a data breach case on Art. III standing grounds. First, with respect to an increased risk of fraud and identity theft, although Patterson alleges the hackers "accessed… Read More

In United States v. Thompson, No. CR19-159-RSL, 2022 U.S. Dist. LEXIS 101558, at *3-7 (W.D. Wash. June 7, 2022), Judge Lasnik denied the Government's Motion in Limine to exclude evidence regarding cyber-security vulnerabilities at the corporate victim or other victim entities that are unrelated to the specific vulnerability that defendant allegedly exploited in the case at hand The government moves… Read More

On May 27, 20222, the California Privacy Protection Agency issued its first draft of Proposed Regulations under the California Privacy Rights Act.  The rulemaking timeline is unclear but we expect additional information at the upcoming June 8, 2022 board meeting (agenda: https://cppa.ca.gov/meetings/agendas/20220608.pdf).  The Proposed Regulations can be found here https://cppa.ca.gov/meetings/materials/20220608_item3.pdf  High-level topics in the Proposed Regulations include: Restrictions on the Collection… Read More

Judge David O. Carter, in the Central District of California, made the following findings on a motion to dismiss: the CCPA is not retroactive despite allegations of an ongoing pattern and practice; the CCPA does not include a private right of action for "§§ 1798.100(b), 110(c), and 115(d)"; the "disclosure of consumers’ non-anonymized data was not a result of a… Read More

In Fraser v. Mint Mobile, LLC, No. C 22-00138 WHA, 2022 U.S. Dist. LEXIS 76772, at *2 (N.D. Cal. Apr. 27, 2022), Judge Alsup denied summary judgment to a defendant claiming that its data breach did not proximately cause the Plaintiff's cryptocurrency loss.  The facts were as follows: Defendant Mint Mobile, LLC is a mobile virtual network operator that currently… Read More

On a motion to dismiss, Judge Denise Cote of the Southern District of New York, dismissed Plaintiffs' CCPA cause of action.  In re Waste Mgmt. Data Breach Litig., No. 21cv6147 (DLC), 2022 U.S. Dist. LEXIS 32798, at *18-19 (S.D.N.Y. Feb. 24, 2022). [T]he [complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege… Read More

On March 10, 2022, the California Attorney General issued an Opinion letter in response to an inquiry from Assemblymember Kevin Kiley: QUESTION PRESENTED AND CONCLUSION Under the California Consumer Privacy Act, does a consumer’s right to know the specific pieces of personal information that a business has collected about that consumer apply to internally generated inferences the business holds about… Read More

Addressing what constitutes a cure under the current version of the CCPA, Judge Cote in the Southern District of New York, held that: the [Complaint] fails to state a claim for violation of the CCPA, because it does not plausibly allege that Waste Management breached its "duty to implement and maintain reasonable security procedures and practices appropriate to the nature… Read More

In Danfer-Klaben v. JPMorgan Chase Bank, N.A., No. SACV 21-262 PSG (JDEx), 2022 U.S. Dist. LEXIS 25553, at *16-17 (C.D. Cal. Jan. 24, 2022), Judge Gutierrez in the Central District of California held that: The CCPA provides relief to "any consumer whose nonencrypted and nonredacted personal information . . . is subject to an unauthorized access . . . or… Read More

On March 9, the SEC proposed Cybersecurity rules for public companies that if adopted,  would impose substantial new reporting obligations for material cybersecurity incidents and cybersecurity risk management, strategy, and governance.   A copy of the proposed Rules can be found at https://www.sec.gov/rules/proposed/2022/33-11038.pdf Read More

On October 27, 2021, the Federal Trade Commission ("FTC") announced important updates to the Gramm-Leach-Bliley Act's (the "Act") primary consumer protection rules. Enacted in 1999, the Act implemented regulations on financial institutions with regard to consumer privacy and data security concerns. It includes two primary parts, or "rules": the Privacy Rule and the Safeguards Rule. The Privacy Rule limits disclosure… Read More

On October 6, 2021, Governor Newsom signed several new bills into law: AB 1391 Adds section 1724 to the Civil Code and makes it unlawful for anyone to sell or sell access to data that was unlawfully obtained.  Similarly, it is unlawful for anyone to buy or use data that they know, or should know, was unlawfully obtained. AB 694 … Read More

In Maag v. United States Bank Nat'l Ass'n, No. 21cv31-H-LL, 2021 U.S. Dist. LEXIS 196307 (S.D. Cal. Oct. 12, 2021), Magistrate Lopez ordered production, subject to protective measures, of class discovery in a data breach case.  The Court addressed the standards for pre-certification class discovery. "The propriety of a class action cannot be determined in some cases without discovery, as… Read More

The CFPB announced that as part of its overall CMS assessment, the CFPB may evaluate the technology controls of an institution and its service providers. Institutions within the scope of the CFPB’s supervision and enforcement authority include both depository institutions and non-depository consumer financial services companies. These institutions operate in a dynamic environment influenced by challenges to profitability, increased focus on… Read More

In In re Sonic Corp. Customer Data Sec. Breach Litig., No. 1:17-md-2807, 2021 U.S. Dist. LEXIS 168504, at *13-16 (N.D. Ohio Sep. 7, 2021), Judge Gwin denied summary judgment to the defendants, who argued that the criminal hacking constituted a supervening cause. Here, Sonic can only prevail by showing that the hackers' criminal acts were independent of Sonic's negligent security… Read More

The California Office of the Attorney General (OAG) is responsible for enforcing the CCPA. The OAG began sending notices of alleged noncompliance to companies on July 1, 2020, the first day CCPA enforcement began. Once a company is notified of alleged noncompliance, it has 30 days to cure that noncompliance.  The OAG identified 27 case examples summarizing the alleged violations… Read More

In Brooks v. Thomson Reuters Corp., No. 21-cv-01418-EMC, 2021 U.S. Dist. LEXIS 154093, at *18-22 (N.D. Cal. Aug. 16, 2021), Judge Chen found that the CCPA did not insulate CLEAR from a claim asserting that CLEAR improperly sold consumer data.  The facts were as follows: Thomson Reuters "aggregates both public and non-public information about millions of people" to create "detailed… Read More

A South Carolina District Court Judge denied Blackbaud's Motion to Dismiss a claim for violation of the California Consumer Privacy Act.  In re Blackbaud_ Inc._ 2021 U.S. Dist. LEXIS 151831 (August 12, 2021). Here, California Plaintiffs adequately allege that Blackbaud qualifies as a "business" under the CCPA. First, they specifically maintain that "Blackbaud and its direct customers determine the purposes… Read More

In In re Ge/Cbps Data Breach Litig., 2021 U.S. Dist. LEXIS 146020, at *16-18 (S.D.N.Y. Aug. 4, 2021), Judge Polk Failla found Article III standing and a negligence case arising out of a data breach.  The facts were as follows: GE contracts with Canon to process documents relating to current and former GE employees and their beneficiaries. (Compl. ¶ 41).… Read More

In In re Sonic Corp. Customer Data Sec. Breach Litig. Fin. Insts., No. 1:17-md-2807, 2021 U.S. Dist. LEXIS 142001, at *5-6 (N.D. Ohio July 30, 2021), Judge Gwin refused to seal some of the data breach investigation from the Sonic data breach hack. In 2017, unidentified third parties accessed Sonic customers' payment card data. The hackers obtained customer payment card… Read More

1 2 3 4 5 8