In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority | Consumer Privacy World

Webinar Registration Open: Mitigating Cybersecurity Class Action Litigation Risks: Policies, Procedures, Service Providers, Notification, Damages | Consumer Privacy World

Kyle Fath appointed to Connecticut Privacy Legislation Working Group | Consumer Privacy World

FCC Adopts Rulemaking Proposal to Protect Consumer Privacy From Invasion by Unwanted Text Messages | Consumer Privacy World

Update on the California Privacy Protection Agency: Still No Date Certain for the CPRA Regulations | Consumer Privacy World

“Delaware Ruling Highlights Challenges Of Data Breach Biz Disputes” Article, Co-Authored by CPW’s Kristin Bryan, Jesse Taylor and Caroline Dzeba, is Published on Law360 | Consumer Privacy World

Third Circuit Announces Standard for Determining Accuracy of Credit Reports Under FCRA | Consumer Privacy World

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

New topic for EDPB’s coordinated enforcement action: the DPO

Dark Patterns under the Regulatory Spotlight Again

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly Examines Recent Major Changes to Consumer Privacy Legal Landscape in Latest Issue of the Cincinnati Bar Association’s CBA Report Magazine

CPW’s Kristin Bryan Discusses Session Replay Software Litigation Trends With The Seattle Times

Office of Management and Budget Takes Action to Enhance the Security of Software Supply Chain

CPW’s Kristin Bryan, Jesse Taylor and Shing Tse Co-Author Chapter for Lexis Practical Guidance on Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations

Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait

CPW’s David Oberly Analyzes the FTC’s Largest FTC Contact Lens Rule Settlement to Date in Law360

 

Several developments this week underscored the continued importance of a bill that has been introduced to implement uniform privacy federal privacy standards.

Continue Reading Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority

Join CPW’s Kristin Bryan as she discusses practical solutions for corporate counsel to mitigate potential cybersecurity class action risks during the upcoming Strafford webinar, “Mitigating Cybersecurity Class Action Litigation Risks,” on Thursday, November 10, 1:00pm-2:30pm EST. 

Continue Reading Webinar Registration Open: Mitigating Cybersecurity Class Action Litigation Risks: Policies, Procedures, Service Providers, Notification, Damages

Kyle Fath, partner in the firm’s Data Privacy, Cybersecurity & Digital Assets group and Los Angeles Office, was appointed this month to serve on the Connecticut Data Privacy Act (CTDPA) working group by the joint standing committee of the Connecticut General Assembly.

Continue Reading Kyle Fath appointed to Connecticut Privacy Legislation Working Group

In October of 2021, then Acting Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel circulated a proposal among her Commissioner colleagues to address the problem of illegal robotexts invading consumer privacy. At the time, she noted that the FCC has seen “a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links. It’s time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm.”  Continue Reading FCC Adopts Rulemaking Proposal to Protect Consumer Privacy From Invasion by Unwanted Text Messages

On Friday, September 23, the California Privacy Protection Agency (CCPA) held a Board meeting about various CPPA administrative activities. Continue Reading Update on the California Privacy Protection Agency: Still No Date Certain for the CPRA Regulations

With rising concerns from consumers about data protection, companies across the nation are doing their utmost to avoid data incidents. As such, the seriousness of allegations that a data breach has occurred, true or not, can potentially lead to lasting damage to an organization’s credibility, leaving many companies to wonder what actions can be taken if they find themselves in the midst of these accusations. CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP, Jesse Taylor and Caroline Dzeba take a look at Doehler North America Inc. v. Davis, where a ruling from US District Court for the District of Delaware helps to clarify how courts may interpret such allegations in this recently released Law360 article Delaware Ruling Highlights Challenges Of Data Breach Biz Disputes.  If you are interested in reading more, please click here.

Last month, the United States Court of Appeals for the Third Circuit decided a set of consolidated appeals in Fair Credit Reporting Act (“FCRA”) actions brought by consumers against a credit reporting agency.  The consumers all alleged that a notation in their credit reports was misleading and inaccurate under the FCRA, which requires credit reporting agencies to “assure maximum possible accuracy.”  The appeals presented a common question: what standard should courts use to determine if information in a credit report is misleading?  In adopting and applying a “reasonable reader” standard, the Third Circuit has provided FCRA defendants a holding that will be useful for early dismissal of consumer claims based on alleged misleading portions of credit reports.

In Bibbs, 43 F.4th 331, 2022 U.S. App. LEXIS 21819, 2022 WL 3149216 (3d Cir. Aug. 8, 2022), three consumers each failed to repay student loans from their respective lenders.  Sometime after the consumers’ loan payments were over 120 days past due, the lenders transferred each loan to another entity and closed the consumer’s account.  On each consumer’s credit report provided by the defendant credit reporting agency, the student loans were listed as closed with a $0 balance.  However, each report also contained a “Pay Status” notation on the student loan account stating “Account 120 Days Past Due.”

The consumers (through the same lawyer) brought claims against the credit reporting agency for violations of the FCRA for failing to maintain information to the maximum possibly accuracy and for failing to modify inaccurate information after being informed by the consumers.  In particular, the consumers argued that their credit reports were inaccurate because the pay status notation inaccurately reflected that the consumers still had payment obligations (and were delinquent) on the closed accounts.  The district courts all granted the credit reporting agency’s motions for judgment on the pleadings and held that the pay status notations—which reflect historical pay status—were not inaccurate or misleading to a reasonable creditor.  The consumers appealed.

The Third Circuit affirmed the judgments in favor of the credit reporting agency, but differed from the district court on the appropriate standard for determining whether a credit report is misleading.  Turning to the text of the FCRA, the Court observed that the statute permits persons other than creditors to request credit reports, “including, but not limited to, potential and actual employers, investors, and insurers.”  Reasoning that Congress could not have intended that only sophisticated creditors be able to understand credit reports, the Third Circuit rejected the “reasonable creditor” standard used by the district courts and advanced by the credit reporting agency.  Instead, the Court adopted a “reasonable reader” standard to determine whether a credit report is inaccurate and noted that “the reasonable reader standard runs the gamut to include sophisticated entities like banks and less sophisticated individuals such as local landlords.”

The Court went on to apply the reasonable reader standard to the consumers’ credit reports and determined that the pay status notations were not misleading or inaccurate.  Emphasizing that the information in a credit report cannot be viewed in isolation and must be read in conjunction with the entire report, the Court reasoned that the notations were not misleading because “multiple conspicuous statements reflect[] that the accounts are closed and [consumers] have no financial obligations to their previous creditors” and “a reasonable interpretation of the reports in their entirety is that the Pay Status of a closed account is historical information.”

While the Third Circuit’s adoption of a “reasonable reader” standard over a “reasonable creditor” standard may sound plaintiff-friendly, the Court’s application of the standard will likely prove useful for defendants in FCRA actions.  With the clarification that purported misleading information in a credit report cannot be read in isolation, credit reporting agencies in future cases will likely be able to point to other accurate information in a credit report that disambiguates isolated statements that draw the attention of plaintiffs’ attorneys.

You can be sure CPW will be monitoring litigation developments in this space and will keep you in the loop.

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

New topic for EDPB’s coordinated enforcement action: the DPO

Dark Patterns under the Regulatory Spotlight Again

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly Examines Recent Major Changes to Consumer Privacy Legal Landscape in Latest Issue of the Cincinnati Bar Association’s CBA Report Magazine

CPW’s Kristin Bryan Discusses Session Replay Software Litigation Trends With The Seattle Times

Office of Management and Budget Takes Action to Enhance the Security of Software Supply Chain

CPW’s Kristin Bryan, Jesse Taylor and Shing Tse Co-Author Chapter for Lexis Practical Guidance on Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations

Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait

CPW’s David Oberly Analyzes the FTC’s Largest FTC Contact Lens Rule Settlement to Date in Law360

Congratulations to CPW’s Kristin Bryan on Being Named a 2022 Cybersecurity & Privacy MVP by Law360!

FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices

Webinar Registration Open: Navigating Cross-border Challenges Relating to HR Data Protection and Employee Right-to-Work Compliance

HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail

We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations are yet to be finalized in both California and Colorado, it is no surprise that some businesses are uncertain regarding how to proceed. To help businesses address both current risks, as demonstrated by recent enforcement, as well as the “new” 2023 privacy requirements, we have developed guidance materials, including high-level workstreams, covering the following topics:

  1. Preparing for the 2023 State Privacy Laws
  2. HR and B-to-B Data CCPA/CPRA Compliance Primer
  3. Lessons from the First CCPA Civil Penalty Case
  4. Takeaways from the First Draft of Revised CCPA/CPRA Regulations

Click here to download the guidance. More detailed guidance and workstreams, as well as model materials with customization support, are available to clients. Contact your SPB relationship partner for more information.