More Unpacking of the California Consumer Privacy Act [Podcast]

Goldberg Segalla’s Albert Alikin, Marc Voses and Courtney Zucker join Timely Notice for an update of the California Consumer Privacy Act (CCPA). Marc and Courtney give a brief overview of what types of businesses must comply, offer tips on taking the first steps toward compliance and provide insight into the first lawsuits referencing CCPA. Plus, they flag noteworthy changes in the February 2020 AG Guidelines update. Access Timely NoticeContinue Reading

Part 5: A Game of “Who’s Who” Under the CCPA

This is our fifth blog post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on the differences between data collectors, service providers, and third parties. We also discuss data brokers and their specific obligations under the CCPA. While this post does not require any background on the CCPA, if you would like the benefit of our preliminary discussions before diving into this post we invite you to start with Part 1: The California Continue Reading

Data Breach Lawsuit Raises Specter of the CCPA

It was only a matter of time, but we now have our first lawsuit that references California’s new consumer data protection act, the California Consumer Privacy Act (CCPA), which went into effect on Jan. 1, 2020. The CCPA permits each consumer that can establish a violation of certain provisions of the CCPA to seek damages of up to $750, or actual damages, whichever is greater. As the CCPA hangs over businesses like a Sword of Damocles, it remains to be seen whether it will have… Continue Reading

Countdown to New Year’s Day and the CCPA

The California Consumer Privacy Act (CCPA) becomes effective on January 1, 2020. We are counting down 10 practical measures you can take to begin down the path for CCPA compliance: 10. Determine whether your business must comply with the CCPA.
  • You must comply with the CCPA if:
    • You are a for-profit entity with over $25 million in gross revenues that conducts business in the state of California and collect the personal information of California residents
    • You annually buy, receive for the business’ commercial purposes, sell,
Continue Reading

Part 4: Privacy Policy Requirements Under the CCPA

This is our fourth blog post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on a business’ obligations when it comes to their privacy policy, such as including and disclosing certain information regarding consumers’ rights. While this post does not require any background on the CCPA, if you would like the benefit of our preliminary discussions before diving into this post we invite you to start with Part 1: The California Consumer Privacy Continue Reading

ADA Website Accessibility: Courts Continue To Provide Clarity, At Cost to Businesses

  • The California Court of Appeals ruled in Thurston v. Midvale Corp. regarding website-related Americans with Disabilities Act (ADA) suits, specifically requiring a restaurant to bring its website into compliance with the Web Content Accessibility Guidelines (WCAG) 2.0.
  • The court adopted the now-majority viewpoint that websites are covered by the ADA when there is a nexus between the website and access to a physical place of public accommodation
  • Prospective plaintiffs are now armed with caselaw out of multiple states establishing that WCAG 2.0 is essentially the
Continue Reading

Part 3: Coverage Considerations Under CGL Policies for CCPA Violations

This blog post is our third in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). Imagine this: You own a successful string of sporting goods stores across California. Not only do you sell goods directly, but you also finance large purchases to well-qualified buyers and have a generous rewards program. When customers log in to your website, you gather personal information (e.g., name, email address, cell number, etc.). In order to participate in the rewards… Continue Reading

Cyber Insurance: Enabler of Ransomware Events? Not Quite

Ransomware is once again front and center in the news with reports of a rash of attacks on public and private entities throughout the United States. Some suggest that the proliferation of cyber insurance is fanning the flames of cyberattacks, but there is scant evidence to support that conclusion. In fact, cyber insurance merely offers insureds options in how to respond to a ransomware event. A recent ProPublica article speculates that cyber insurance’s ability to assist insured’s operations to quickly recover from a ransomware event… Continue Reading

Part 2: Insurance Company Compliance with the CCPA as Businesses


This blog post is our second post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on insurers’ compliance obligations under the CCPA. If you would benefit from a background discussion on the CCPA, please visit our first post in this series entitled “Part 1: The California Consumer Privacy Act – What Insurers Need to Know.” The CCPA applies to insurers to the extent they qualify as “businesses” that “collect or determine… Continue Reading

Biometric Class Action Against Facebook Greenlit by Ninth Circuit Court of Appeals

In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.  At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court… Continue Reading