In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what

Senate Bill 561, which would have generated even greater compliance challenges and litigation risk for businesses, has been held in committee and placed on suspense. This development effectively prevents the bill from advancing for a vote and is a bit of CCPA good news for businesses. It also serves as a minor setback to consumer

California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading The California Consumer Privacy Act of 2018: What Businesses Need to Know Now

The European Data Protection Board (EDPB) recently issued a report after their November 16, 2018 plenary session.  The statement covered a range of topics being discussed by the Board, but no substantive publications.  The EDPB is charged with ensuring that GDPR is applied consistently across the EU and that there is consistent enforcement by DPAs

At the end of June, the California legislature passed its Bill 375, the California Consumer Privacy Act of 2018.  The Act contains a number of concepts that would be familiar to those who are working to bring their companies and organizations into compliance with GDPR.  The new law defines a category of “Personal Information” that radically departs from a traditional definition of Personal Data commonly found in various State Data Privacy Laws, which usually ties an individual name to other identifiers like social security number, account number, or other factors.  Instead, the California Act defines “Personal Information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not, mercifully, include publicly available information, but it still comes closer to a GDPR-like definition of “personal data” than any other US law.

The Act provides California residents some rights that also appear familiar.  For example:

  • Consumers can request a copy of all the Personal Information a business has collected;
  • Consumers have the right to request that the business delete their Personal Information (subject to some exceptions), and a right to direct a company to not share their Personal Information with third parties; and
  • Consumers can request that a business disclose the categories of information it has collected, the sources of information, the purpose for the collection and/or its sale of the information, and the third parties with whom the information is shared.


Continue Reading California’s Consumer Privacy Act of 2018 – Get Ready for New GDPR Style Requirements in the US

A trial court opinion involving allegations of spoliation of text messages on a mobile phone in the Southern District of New York has gotten attention because of the application of legal preservation standards.  Ronnie Van Zant, Inc. v. Pyle 2017 BL 3018, S.D.N.Y. 17 Civ. 3360 (RWS), 8/23/17) is an interesting read, not just because it involves odd characters, intrigue and drama surrounding one of the greatest Southern Rock bands of all time.  It also includes some instructive information about the application of the “practical ability” test for preservation, and the uphill battle for witnesses who lose credibility in testimony about what they did and did not do in a preservation effort.

Not long after the tragic plane crash that resulted in the deaths of Lynyrd Skynyrd lead singer Ronnie Van Zandt and his co-founding band member Steven Gaines,  Artimus Pyle, the former drummer, entered an agreement with the surviving heirs and other members of the band.  The agreement involved promises to never perform as “Lynyrd Skynyrd,” or to generally profit from the name of the band or the tragic deaths of Van Zant or Gaines without approval of the original parties to the agreement.  Their dramatically named “blood oath” agreement was more concretely memorialized in a Consent Order in 1988, following other litigation, which Pyle signed.

Over 20 years after the 1988 Consent Order, the drama that spawned the litigation began in a story that sounds like it came from a Netflix mini-series.  A film director named Jared Cohn, who worked under contract for an independent record label-turned movie producer, Cleopatra Records, Inc. (“Cleopatra”) reached out to Pyle about making a movie centered around the band and Pyle’s life in it.  Cohn was hired by the founder and co-owner of Cleopatra Records, Brian Perera, who is another interesting character in his own right. Pyle met and consulted with Perera on multiple occasions about ideas for a film generally depicting his life and the plane crash, which Pyle survived.  In their first conversations, Pyle did not mention the 1988 Consent Order, but the Order eventually was delivered to Cleopatra.  The copy of the Order was also eventually followed by a “cease and desist” letter and other correspondence from the Plaintiffs’ counsel.  All the while, Cleopatra’s movie production work continued.
Continue Reading Spoliation and Southern Rock

Seyfarth eDiscovery attorneys Jason Priebe and Natalya Northrip will present “A Practical Roadmap for EU Data Protection and Cross-Border Discovery” at this year’s RelativityFest on October 24, 2017.

This presentation will provide attendees with practical tips for leveraging the new Sedona International Principles to help in your compliance with stringent GDPR requirements, and in seeking