We’re a quarter of the way through 2020 — even if March may have seemed liked several years unto itself — and it is shaping up to be another big year for TCPA litigation. We’ve gone through the dozens of TCPA decisions published this year and identified the five most notable cases and storylines that we will be following closely for the rest of 2020.
Smart companies have been worried about data security for years—no one wants to be in the headlines as the next big company to have a breach, the next corporation to face a class action lawsuit or the next business facing federal or state regulatory scrutiny. It’s only heightened in recent years as companies faced new regulations imposed by the GDPR and the CCPA. Well, things are not getting any better in 2020—now an increasing number of municipalities are getting in on the act.
San Francisco was the first city to have this awakening in 2017. In response to the Equifax data breach on September 7, 2017, San Francisco filed claims against Equifax under California’s Unfair Competition Law (UCL). A few months later, Los Angeles brought a similar lawsuit against Uber claiming that the company paid hackers to delete stolen data and failed to notify consumers of the breach in violation of the UCL. But most state statutes do not give cities standing to bring lawsuits.
The California Consumer Privacy Act (the “CCPA”), as initially passed, was the hastily-drafted alternative to an even more stringent ballot initiative, resulting in a seemingly endless list of open questions about how it would be interpreted and enforced. Since its passage on June 28, 2018, privacy pundits around the nation have opined about the meaning of the first domestic privacy regulation reminiscent of its European cousin, the GDPR.
In response, the California legislature entered its 2019 session considering a whopping 19 possible amendment bills to the CCPA. When the dust settled, seven of those bills were signed into law.
Perhaps not surprisingly, there was no vacation this summer for TCPA litigation. We already addressed the 11th Circuit’s big decision on Article III standing in Salcedo. But we’ve also combed through the 150+ TCPA-related decisions over the summer to keep you apprised of the latest developments in this area of the law. We’ve compiled the most noteworthy decisions since our last report, and they’re listed below by issue category in alphabetical order.
For the vast majority of Americans, receiving a single unsolicited text message is a mere annoyance that does not warrant a federal lawsuit. But spurred by the language of the TCPA and a series of judicial decisions nationwide, a cottage industry has sprung up around filing putative class action lawsuits centered around this sort of alleged “harm.” Last week, the 11th Circuit dealt a significant blow to such cases, finding that receipt of a single unsolicited text message in violation of the TCPA is not sufficient to establish standing.
The volume of TCPA cases nationwide makes it incredibly difficult to keep up with all of the latest developments. Who wants to engage in the tedious task of reading more than 100 published decisions related to the TCPA several times a year? Lucky for you, the answer is us! We have once again taken on the burden of slogging through the swampy flood of TCPA cases nationwide, so you don’t have to. We have compiled the most noteworthy decisions since our last report, and they are listed below by issue category in alphabetical order.
On April 24, 2019, the U.S. Supreme Court issued an important decision touching a number of hot button issues and litigation threats facing American businesses — including class actions, arbitration agreements and data privacy.
The case, Lamps Plus, Inc. v. Varela, 17-988, 2019 WL 1780275 (U.S. Apr. 24, 2019), stemmed from a data breach in which a hacker posing as a company official “tricked” a Lamps Plus employee into disclosing the tax information of approximately 1,300 workers. Among those 1,300 workers was Frank Varela, the named plaintiff. Id. at *2. Following the data breach, Mr. Varela became the victim of identity theft when a fraudulent federal income tax return was filed in his name. Continue Reading SCOTUS Catapults Class Arbitration Onto the Endangered Species List
Recognizing that different levels of culpability warrant different annual civil penalty limits, the Department of Health and Human Services adopted a notification April 23, 2019, to be published in the Federal Register April 30, 2019, that reduces the majority of the caps on annual civil penalties. See 45 C.F.R. Part. 160. Continue Reading HIPAA Civil Penalty Annual Limits Plummet
One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information. The SEC reiterated that point last week in a Risk Alert that encouraged SEC-registered companies to review their written policies and procedures to ensure adequate implementation and compliance with the law. In the Risk Alert, the Office of Compliance Inspections and Examinations (“OCIE”) published a list of issues under Regulation S-P (the privacy rule) it has seen in the context of exams. Continue Reading SEC: Practice What You Preach on Privacy
Although there have not been any groundbreaking cases to start the new year, 2019 is off to a good start for the TCPA defense bar. Several courts have denied class certification in putative TCPA class actions while other courts have granted dismissal or summary judgment for the defendants. Below are the most notable cases for this review period. The decisions are listed by issue category in alphabetical order.