Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras and security equipment. See In re: Wyze Data Incident Litigation, Case No. C20-0282-JCC (W.D. Wa. 2020). The lawsuit – which centered around a 2019 data breach incident – alleged that Wyze failed to comply with Federal Trade Commission requirements for safeguarding users’ personal information.
Continue Reading Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

Various state laws require data breach notification and different state laws have different triggers for when notification is required and who must be notified. In California, for example, a breached company must give notice to each affected California resident, but the California AG need be notified only if the breach affected 500 or more individuals in California. In New York, on the other hand, AG notification is required if any NY residents were affected by the breach.

While all such laws generally address notification of affected parties, the AG, credit reporting agencies, other holders of the data, and certain other constituents, they are not the only word in disclosure requirements.
Continue Reading Data Breach Disclosure Requirements Implicate More Than Privacy Law

It was recently discovered that a certain software product, in this case used by numerous cannabis companies around the country, was not secure and allowed access to consumer data of companies using the software. You can read more about it in this linked article. This isn’t the first time a security vulnerability was introduced by the use of third-party software, and it won’t be the last. The CCPA requires “reasonable security measures” be taken to protect consumer data. It is likely that employing vulnerable software will be seen to violate this standard (it has yet to be tested), but will it lead to liability of the company employing the software?  I think it will.

So what is a company to do when purchasing third-party software that will store or otherwise have access to consumer data?
Continue Reading Data Security: Are you looking at your third party software?