Category: Data Privacy and Security

Class Action Certified in In re Yahoo Mail Litigation for Violations of Stored Communication Act and California’s Invasion of Privacy Act 0

Class Action Certified in In re Yahoo Mail Litigation for Violations of Stored Communication Act and California’s Invasion of Privacy Act

On May 28, 2015, U.S. District Judge Lucy Koh in the Northern District of California certified a class of email users in a privacy action that claims Yahoo Inc. (“Yahoo”) violated the federal Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”) through its practice of scanning and analyzing emails of non-Yahoo Mail subscribers in order to display targeted ads to Yahoo Mail subscribers. In re Yahoo Mail Litigation, No. 13-CV-04980-LHK, (N.D. Cal. 2015). Plaintiffs are non-Yahoo Mail subscribers who sent emails to Yahoo Mail subscribers from non-Yahoo email accounts and allege that Yahoo routinely copies and extracts key words from emails and stores this information for later use. Plaintiffs allege that Yahoo’s practices violate § 2702(a)(1) of the SCA, which prohibits, among other items, divulging the contents of a communication without consent and § 631 of CIPA, which prohibits the recording or reading of any type of communication without the prior consent of all parties.

Bill to Expand Data Breach Notification Requirements Passes New Jersey Assembly 0

Bill to Expand Data Breach Notification Requirements Passes New Jersey Assembly

On December 15, 2014, the New Jersey Assembly voted 75-to-0 to advance a bill that would expand the existing data breach notification requirements for companies doing business in the state. The bill, A3146, would broaden the type of information that, if compromised, would trigger a company’s obligation to notify customers of the breach. The proposal now heads to the Senate, where a similar bill, S2188, has been pending in the Commerce Committee since June.