California Attorney General Kamala Harris has sued Kaiser Foundation Health Plan over what it considers a too-slow data breach notification. California’s breach notification law requires notification of affected individuals “in the most expedient time possible and without unreasonable delay.” Kaiser notified individuals of the breach in March, 2012, but California alleges in its complaint that Kaiser had sufficient information to notify between December 2011 and February 2012.
The number of class-action lawsuits brought under the Telephone Consumer Protection Act (TCPA) against businesses that regularly call consumers for telemarketing and non-telemarketing purposes is rapidly increasing, according to WebRecon LLC. Under the TCPA, businesses making autodialed or prerecorded calls or sending texts to consumers may need to obtain prior express consent from those consumers or find themselves in violation of the law. WebRecon assembled data on lawsuits filed over the past year and found that TCPA complaints had grown 116 percent from the same period last year. Because the TCPA permits call recipients to bring class action lawsuits and its technologically outdated terms can be interpreted broadly, the TCPA has become a favorite of the class-action plaintiffs’ bar.
View the full story here (source: InsideARM).
The US Federal Communication Commission’s Consumer and Governmental Affairs Bureau is seeking comment on a petition aimed at clarifying that the “capacity” of an automatic telephone dialing system (ATDS) is limited to what a system is capable of at the time a call is placed. The ambiguity present in the law has led to numerous class-action lawsuits being filed against businesses around the country, with a variety of different opinions emerging as judges are tasked with interpreting and applying the antiquated technological terms used in the statute to modern communications networks. The petition for expedited declaratory ruling and/or expedited rulemaking, filed by the Professional Association for Customer Engagement (PACE), asks the FCC to rule that a dialing system is not an ATDS under the TCPA unless it can dial numbers without human intervention. A public notice released said that comments are due Dec. 19, 2013, and replies are due Jan. 4, 2014, in CG docket 02-278.
View the full story here (source: FCC).
As if the tidal wave of TCPA robocall lawsuits wasn’t enough, the Seventh Circuit recently ruled that the TCPA does not preempt more restrictive state laws, thus clearing the way for Indiana to pursue its claims in the case, and likely encouraging the filing of private putative class actions under the same law and related Indiana laws that provide a private right of action with a statutory minimum damages penalty. The Seventh Circuit’s ruling shows that telemarketing practices must be cognizant not only of the TCPA and its new and more stringent consent requirements, but also the patchwork of state laws that are even more onerous and stringent.
View the full story here (source: Reuters).
California continued its role as a privacy first-mover in recently enacting three first-of-their-kind laws strengthening online privacy protections. First, California extended minors the right to remove content the minor posted up until their 18th birthday. The right is limited to content posted by a minor and does not cover content posted by others about the minor. Second, the California Online Privacy Protection Act was amended to require disclosure of how websites and online services respond to Do Not Track or similar signals expressing a consumer’s choice regarding tracking across the Internet. Finally, the California breach notification statute was updated to include breaches of user names and passwords even where no other personal information was breached.
On October 23rd, the member firms of Dentons will host a Global TMT Innovation Summit in Silicon Valley, CA. Industry leaders will join Dentons lawyers to address the strategic issues and opportunities shaping the global outlook for the Technology, Media & Telecommunications sectors. The line-up of topics includes:
- Global Market Trends
- Future Money
- Digital Media Distribution
- Emerging Markets
- Cloud Computing
- Hardware 2.0
- Social Gaming & Gambling
- Government Data Requests
More information and to register, click here.
Provisions of the Nova Scotia Cyber-safety Act came into force today, as announced by the Minister of Justice of Nova Scotia.
It is now possible, in Nova Scotia, for the targets of cyberbullying to make an application for a protective order to a justice of the peace. If the target is a minor, the minor’s parent may make an application.
The Cyber-safety Act defines cyberbullying as:
means any electronic communication through the use of technology including, without limiting the generality of the foregoing, computers, other electronic devices, social networks, text messaging, instant messaging, websites and electronic mail, typically repeated or with continuing effect, that is intended or ought reasonably be expected to cause fear, intimidation, humiliation, distress or other damage or harm to another person’s health, emotional well-being, self-esteem or reputation, and includes assisting or encouraging such communication in any way
If an individual is found to have engaged in cyberbullying, the justice of the peace may make orders such as restricting or prohibiting communication with the target or using the Internet-enabled devices for a period of up to one year.
If the identity of the alleged cyberbully cannot be determined, the justice of the peace may make orders necessary to assist in identifying the alleged cyberbully. For example, the justice of the peace may order any person having custody or control of information respecting the ownership or use of any electronic device or use of any Internet Protocol address, website, username or account, electronic-mail address or other unique identifier, identified as being used for the purpose of the cyberbullying, to disclose information to assist in identifying the alleged cyberbully.
The provisions of the Cyber-safety Act creating the new statutory tort of cyberbullying have also been proclaimed into force. A court may award damages (including general, special, aggravated and punitive damages) to compensate the target of cyberbullying, as well as issue injunctions and any other order the court considers just and reasonable in the circumstances.
Parents of a cyberbully who is a minor may be parties to the tort if they know of the the minor’s activity, know or ought reasonably to expect the activity to cause harm to the target and fail to take steps to prevent the activity from continuing.
Even if parents are unaware of the minor’s activities, they may be jointly and severally liable for damage awards unless they satisfy a reverse onus to demonstrate that they exercised reasonable supervision over the minor who engaged in the cyberbullying and made reasonable efforts to prevent or discourage the kind of activity that resulted in the loss or damage.
Other provisions of the Cyber-safety Act, including those dealing with creating a unit to investigate cyberbullying complaints are not yet in force. However, the government announced it is hiring and invited applications.