CCPA Class Action Lawsuits Are Coming. Are You Ready?
March 23, 2020 —
Daniel Schneider & Jeffrey Dennis – Newmeyer DillionThe only certainties in life used to be death and taxes. In 2020, it would be safe to add California Consumer Privacy Act (CCPA) class actions to that "distinguished" list. On February 3, Barnes v. Hanna Andersson, LLC, N.D. Cal., Case No. 20-cv-00812, was filed in the Northern District of California, setting in motion the certainty that CCPA class actions are on their way, if not already here.* Filed on behalf of all California residents, the Barnes complaint alleges that between September and November 2019, clothing retailer Hanna Andersson and Salesforce, its online payment services provider, failed to properly safeguard the personally identifiably information (PII) of its customers after hackers stole customers' private information and posted it to the dark web for sale.
What You Need to Know
- Under the CCPA, a data breach is any unauthorized access, theft or disclosure of a consumer's non-encrypted and non-redacted personal information that results from a company's failure to implement and maintain "reasonable" security procedures and practices. Here, the complaint alleges that the defendants failed to maintain reasonable security procedures and practices in order to protect the consumers' PII.
- Although the CCPA is largely viewed as new law related to California consumers' privacy rights (and placement of subsequent obligations to companies doing business in California), the CCPA includes potentially draconian damages for a data breach permitted by unreasonable cybersecurity. Under the new law, an individual need not show any actual harm caused by a data breach, yet he/she may seek statutory fines of up to $750 per incident per individual in the event of a breach. Plaintiffs estimate that at least 10,000 California residents could have been affected by this breach, thereby exposing defendants to up to $7.5 million dollars in damages if proven true.
- There exists a duty to monitor and ensure that third party organizations are properly safeguarding a company's data. During the course of the investigation into the breach, it was discovered that the Salesforce ecommerce platform was infected with malware which allowed the hackers to steal consumers' PII from Hanna Andersson's website.
- The CCPA went into effect on January 1, 2020, yet enforcement by the California Attorney General is not allowed until July 2020. However, no such delay is required for private litigation under the data breach portion of the CCPA. Interestingly, although the complaint alleges that the data breach occurred in 2019, the court could choose to apply the CCPA but that is still yet to be determined.
While Barnes may be the first class action lawsuit to mention violation of the CCPA, it certainly will not be the last. In fact, numerous class actions lawsuits have been filed in the new year which either mention the CCPA or utilize CCPA-like language to style particular claims. As such, it is evident that the Plaintiffs' bar sees the CCPA as a potential for extensive class action litigation. Expect to see an ongoing deluge of class action litigation in California under the data breach portions of the CCPA. In addition, although the Barnes' plaintiffs may not be able to invoke the CCPA due to the data breach occurring in 2019 (before the CCPA took affect), Barnes serves as a stark reminder that implementing and maintaining reasonable data security is vital to defend a business against CCPA claims. Newmeyer Dillion can assist companies analyze their cyber risk profile, and provide access to experienced forensic teams which can ensure reasonable security exists in your organization.
*While Barnes does not yet expressly state a cause of action under the CCPA, relying upon violations of the California Unfair Competition Law in its place, we anticipate that an amendment will soon be filed to include a CCPA claim.
Daniel Schneider is a Partner in Newmeyer Dillion's Privacy & Data Security group. Focused on advocating on behalf of clients when cyber threats inevitably happen, Dan also advises on best practices to help protect the company and mitigate future concerns. Dan can be reached at daniel.schneider@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.
Read the court decisionRead the full story...Reprinted courtesy of
Maximizing Contractual Indemnity Rights: Insuring the Indemnitor's Obligation
December 02, 2015 —
William Kennedy – White and Williams LLPContracting parties can circumvent the limitations of common law tort doctrines by drafting contracts with language that details the allocation or shifting of the risk of tort loss. Properly composed, “broad form” contractual indemnity provisions can permit an Indemnitee to shift the full range of tort exposure – damages and defense fees and costs – if they have the kind of specificity set forth in Part Two of this series, "Maximizing Contractual Indemnity Rights: Components of an Effective Provision." In most business transactions, however, both the Indemnitee and the Indemnitor want the indemnity obligation to be insured.
Part Three: Insuring the Indemnitor's Obligation
“Insured Contract Coverage”
Although CGL policies do not typically cover an Insured’s breaches of contract, per se, most insurance policies do cover a policyholder’s “incidental contracts” or “insured contracts” under which the policyholder has an obligation to indemnify an Indemnitee. The business contract (as opposed to the insurance policy) should require the Indemnitor to take all steps necessary to have the Indemnitee identified as either a Covered Person, Insured, or Additional Insured on the Indemnitor’s applicable insurance policies. There are subtle, but potentially significant legal rights and responsibilities that hinge on whether an entity is a Covered Person, Insured, Additional Insured, or some other classification. Purported Indemnitees may need to consult insurance coverage counsel to ensure that they are seeking the appropriate status from the Indemnitor’s CGL insurer.
Read the court decisionRead the full story...Reprinted courtesy of
William Kennedy, White and Williams LLPMr. Kennedy may be contacted at
kennedyw@whiteandwilliams.com
OSHA Updates: You May Be Affected
July 19, 2017 —
Louis “Dutch” Schotemeyer – Newmeyer & Dillion LLPGovernor Brown Signs Legislation Increasing Cal/OSHA Fines
Cal/OSHA has increased its maximum fines for the first time in more than twenty years pursuant to legislation recently signed into law by Governor Brown. The changes nearly double the maximum fines and have brought California in line with the Federal standard. The increase in fines will not be isolated to this year, as fines will now be automatically increased annually based on the percentage increase in the Consumer Price Index for All Urban Consumers (CPI-U). Additionally, any employer who repeatedly violates any occupational safety or health standard, order, or special order, or Section 25910 of the Health and Safety Code, can no longer receive any adjustment of a penalty assessed based on the good faith or the history of previous violations. Such adjustments were previously commonplace.
Specific increases are listed below (all increases refer to maximum fines, Cal/OSHA has discretion as to the amount of the fine when issuing the citation):
- Section 6427 of the Labor Code was amended to increase fines, not of a serious nature, from $7,000 for each violation to $12,471 for each violation.
- Section 6429 of the Labor Code has increased fines for repeat violations; raising the maximum fine from $70,000 to $124,709 for each violation. Additionally, Section 6429 also raised the minimum fine for repeat violations from $5,000 to $8,908.
- Section 6431 raised fines for posting or recordkeeping violations from $7,000 to $12,471 per violation.
Full text of the penalty section of the labor code may be found
here
California OSHA Emergency Action Plan elements revised; California now more consistent with Federal Standards
Revisions to General Safety Orders section 3220(b) became effective on June 5, 2017 and contain two minor changes for California employers with regards to Emergency Action Plans (EAP).
The first change requires that an employer’s EAP be more detailed in describing the type of evacuation that is to be performed, not just the route for an evacuation. The previous element of the EAP simply required that the plan contain, “[e]mergency escape procedures and emergency escape route assignments.” The current element of the EAP requires that, “[p]rocedures for emergency evacuation, including type of evacuation and exit route assignments,” be identified.
The second change clarifies the language surrounding employees performing rescue or medical duties. Previously the only requirement in the EAP regarding rescue and medical duties was for employees that performed rescue and medical duties. The current version requires that the EAP contain, “[p]rocedures to be followed by employees performing rescue or medical duties. The use of the word and created potential gaps in plans as it is likely that employees may not be performing both rescue and medical duties, instead performing just rescue or medical duties. Plans must now include procedures to be followed by employees who perform either rescue or medical duties.
It is recommended that your EAP be in writing and updated to comply with the revised General Safety Orders section 3220. The full text of General Safety Orders section 3320 can be seen
here. Please contact us if you would like further details regarding your Emergency Action Plan.
Deadline for Electronic Submission of OSHA 300 Log Records for Injuries and Illnesses Delayed
On May 12, 2016, the Federal Occupational Safety and Health Administration (OSHA) published a rule entitled “Improve Tracking of Workplace Injuries and Illnesses” which required certain employers subject to Federal OSHA regulations to submit the information from their completed 2016 Form 300A to OSHA via electronic submission no later than July 1, 2017. On June 28, 2017, OSHA, via a
Notice of Proposed Rule Making, has proposed a December 1, 2017 deadline for the electronic reporting; the electronic reporting system is scheduled to be available on August 1, 2017.
Per the California Department of Industrial Relations, California employers are not required to follow the new requirements and will not be required to do so until "substantially similar" regulations go through formal rulemaking, which would culminate in adoption by the Director of the Department of Industrial Relations and approval by the Office of Administrative Law.
Cal/OSHA drafted a proposed rulemaking package to conform to the revised federal OSHA regulations by amending the California Code of Regulations, title 8, sections 14300.35, 14300.36, and 14300.41; these are currently under review with the State.
It is currently unclear what, if any, impact the delay by OSHA will have on the proposed amendments to the California Code.
We will keep you posted as to the changes in California recordkeeping requirements. Please contact Louis “Dutch” Schotemeyer with any questions regarding Cal OSHA or your safety program. Dutch is located at Newmeyer & Dillion’s Newport Beach office and can be reached at dutch.schotemeyer@ndlf.com or by calling 949.271.7208.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Partner Jason Taylor and Senior Associate Danielle Kegley Successful in Appeal of Summary Disposition on Priority of Coverage Dispute in the Michigan Court of Appeals
December 11, 2023 —
Jason Taylor & Danielle K. Kegley - Traub LiebermanIn this appeal brought before the Michigan Court of Appeals, the appellate court ruled in favor of Traub Lieberman’s insurance carrier client (the “Carrier” or “Client”), affirming an award of summary disposition in favor of the Carrier in a coverage lawsuit. The coverage lawsuit involved a priority dispute between the Carrier and another insurer over which company’s policy had responsibility to cover the defense of their mutual insured, a heating and cooling contractor (the “Insured”) in an underlying lawsuit alleging carbon monoxide poisoning. The Carrier issued a contractor’s pollution liability policy and the other insurer issued a commercial general liability policy to the Insurer. Both the Carrier and the other insurer filed cross-motions for summary disposition in the trial court on the priority of coverage issue. The trial court granted the Client’s motion, holding that the CGL carrier was the primary insurer based on the language in the policies’ “other insurance” clauses. The trial court rejected the CGL carrier’s argument to apply the “total policy insuring intent” or “closest to the risk” tests—tests which Michigan courts have not adopted. Specifically, the court rejected the CGL carrier’s argument that the Client’s contractor’s pollution liability policy was more specifically tailored to the loss in the underlying lawsuit. The trial court also rejected CGL carrier’s alternative argument that the “other insurance” clauses in the policies were irreconcilable, requiring a pro rata allocation based on the respective limits of the policies.
Reprinted courtesy of
Jason Taylor, Traub Lieberman and
Danielle K. Kegley, Traub Lieberman
Mr. Taylor may be contacted at jtaylor@tlsslaw.com
Ms. Kegley may be contacted at dkegley@tlsslaw.com
Read the court decisionRead the full story...Reprinted courtesy of
NTSB Outlines Pittsburgh Bridge Structure Specifics, Finding Collapse Cause Will Take Months
February 21, 2022 —
Tom Ichniowski - Engineering News-RecordOfficials in Pennsylvania are moving forward on building a replacement for the Fern Hollow Bridge in Pittsburgh, which collapsed on Jan. 28, selecting a team of HDR Inc. and Swank Construction to design and construct the new structure, and the approval of $25.3 million in federal funds for the project.
Reprinted courtesy of
Tom Ichniowski, Engineering News-Record
Mr. Ichniowski may be contacted at ichniowskit@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
Patriarch Partners Decision Confirms Government Subpoenas May Constitute a “Claim” Under D&O Policy; Warns Policyholders to Think Broadly When Representing Facts and Circumstances to Insurers
January 08, 2019 —
Michael S. Levine, Sergio F. Oehninger, & Joshua S. Paster - Hunton Andrews KurthThe Second Circuit recently confirmed in Patriarch Partners, LLC v. Axis Insurance Co. that a warranty letter accompanying the policyholder’s insurance application barred coverage for a lengthy SEC investigation, which ripened into a “Claim” prior to the policy’s inception date. The opinion left intact the lower court’s finding that the SEC subpoena constituted a “demand for non-monetary relief” and thus qualified as a “Claim” under the directors and officers (D&O) insurance policy.
Reprinted courtesy of Hunton Andrews Kurth attorneys
Michael S. Levine,
Sergio F. Oehninger and
Joshua S. Paster
Mr. Levine may be contacted at mlevine@HuntonAK.com
Mr. Oehninger may be contacted at soehninger@HuntonAK.com
Mr. Paster may be contacted at jpaster@HuntonAK.com
Read the court decisionRead the full story...Reprinted courtesy of
Apartment Projects Fuel 13% Jump in U.S. Housing Starts
May 19, 2014 —
Michelle Jamrisko and Hui-yong Yu – BloombergA surge in construction of multifamily dwellings in April propelled U.S. housing starts to the highest level in five months, helping overcome slack demand for single-family homes.
Housing starts climbed 13.2 percent to a 1.07 million annualized rate following March’s 947,000 pace, according to figures released today by the Commerce Department in Washington. Another report showed a measure of consumer confidence unexpectedly declined from a nine-month high.
An almost 40 percent increase in construction starts on projects such as condominiums and apartment buildings accounted for almost all of the April gain, as single-family activity was held back by declining affordability. The report highlights a shift in demand for housing in the wake of the financial crisis, which left many Americans wary of taking on new debts.
Michelle Jamrisko may be contacted at mjamrisko@bloomberg.net; Hui-yong Yu may be contacted at hyu@bloomberg.net
Read the court decisionRead the full story...Reprinted courtesy of
Michelle Jamrisko and Hui-yong Yu, Bloomberg
Snooze You Lose? Enforcement of Notice and Timing Provisions
November 11, 2024 —
Cornelius F. "Lee" Banta, Jr. - ConsensusDocsDeadlines are an inescapable part of the construction industry. Bid deadlines. Submittal deadlines. Material delivery deadlines. Substantial completion. Final completion. And so, inevitably, fighting about deadlines becomes a necessary byproduct. Was the deadline really a deadline? Was the schedule slippage on the critical path? Should there be an equitable extension to the date of substantial completion? Given the amount of attention and concern conferred on deadlines, those drafting construction contracts naturally seek to clarify which deadlines really matter with the inclusion of notice and timing provisions.
A contract’s change order and claims procedures are often a key friction point for those drafting and administering the contract. Should there be a requirement for prior written notice of a claim for cost/time relief? How much advance notice? Who should the request be sent to? Is a specific form of notice required? What are the consequences of failing to provide timely notice? A practitioner should pay careful attention to negotiating these terms on the front end, because rest assured, these contract provisions will garner scrutiny when a change order dispute boils over.
Read the court decisionRead the full story...Reprinted courtesy of
Cornelius F. "Lee" Banta, Jr., Peckar & Abramson, P.C.Mr. Banta may be contacted at
lbanta@pecklaw.com
