Consumer class actions under California’s Song-Beverly Credit Card Act have been shaped by significant case law developments over the last few years. Friday’s Ninth Circuit decision in Sinibaldi v. Redbox is a decisive victory for retailers of rented goods which will allow them wide latitude to collect personal information, such as zip codes, when using credit cards as a form of security.
The new year will ring in significant privacy, data protection and cybersecurity changes in the U.S., Europe, Asia and elsewhere around the world. Below are some key developments and possible concrete action items for General Counsels, Chief Privacy Officers and Chief Information Officers:
On January 1, 2004, a bill recently signed by Governor Gray Davis will take effect that has been hailed by many as the toughest anti-spamming law in the nation. With narrow exceptions, the bill, SB 186, prevents marketers and advertisers from sending unsolicited email advertisements from California, regardless of whether the recipient is located in or outside the state. Targeting marketers and advertisers located outside California, SB 186 also prohibits sending unsolicited commercial email advertisements to a California email address. However, as explained below, SB 186 may well eventually be superseded by impending federal legislation.
The recent release of new guidelines on responding to computer security breaches offer important guidance for all companies with valuable electronic information. On October 10, 2003, the Office of Privacy Protection within the State of California’s Department of Consumer Affairs issued its “Recommended Practices on Notification of Security Breach Involving Personal Information.” The Office of Privacy Protection is tasked with recommending policies and practices that protect California consumers’ privacy.
In a recent case of first impression, the California Supreme Court unanimously held a trial court’s preliminary injunction preventing publication of a computer program for descrambling digital video disks did not violate the defendant’s free speech rights, assuming the trial court properly issued the injunction under California’s trade secret law. In its August 25, 2003 decision in DVD Copy Control Assoc., Inc. v. Andrew Bunner, the Court resolved an apparent conflict between the free speech clauses of the United States and California Constitutions and California’s trade secret laws. This decision is significant because it is one of the first in the country to deal with the interplay between the free speech rights of parties who wish to publish technical information on the Internet and the property rights of parties who claim trade secret ownership in such information.