Bryan Cave Leighton Paisner Retail Blog

Retail Law

Other Posts

Main Content

CPSC Notifies Consumer Product Manufacturers of Possible Data Breach of Safety Information

A number of retailers and manufacturers have recently received notices from the U.S. Consumer Product Safety Commission concerning a possible data breach. The CPSC’s letter advises recipients of an unauthorized release of confidential information that did not go through the procedures of 15 U.S.C. § 2055, also known as “Section 6(b)” of the Consumer Product Safety Act (CPSA).

Section 6(b) is intended to encourage candor between the CPSC and regulated companies, by assuring that sensitive information will be handled under procedures intended to ensure the accuracy and fairness of any disclosure.  Section 6(b) restricts the CPSC’s public disclosure of manufacturer and product specific information, and applies to information from which the public can readily determine the identity of a manufacturer.

The breach appears to concern a mass inadvertent disclosure of nonpublic manufacturer and product specific information.  It appears the information could have been released months ago, but the CPSC only recently

California Passes Amendments to Consumer Privacy Act

California Governor Brown recently signed into law SB 1121, which amends the California Consumer Privacy Act of 2018 to provide much-needed relief to retailers and other businesses that collect consumer information. The amendments take effect immediately.

The California Retailers Association (CRA) worked successfully with other business leaders as part of the Privacy Coalition to secure passage and signature of SB 1121, and will continue to work on a more comprehensive clean-up bill in 2019.

As we previously reported, the Act grants consumers various rights with regard to their personal information held by businesses, including:

  • The right to request that a business provide it with specific information the business has collected about them, including categories of information sold, and third parties to whom information is sold.
  • The right to request deletion of personal information the business has collected about the consumer. The business must comply unless one

California Enacts Sweeping Privacy Legislation Concerning Consumers’ Personal Information

California enacted privacy legislation yesterday that is the first of its kind in the United States and moves California law closer to the protections afforded in the European Union by the General Data Protection Regulation (GDPR).  The law also creates a private right of action to pursue a lawsuit against a company arising out of a breach of personal information, which will likely give rise to a substantial increase in data breach lawsuits in California. There is a lot to unpack in this new piece of legislation, which spans 28 pages and will engender various regulations before its January 2020 effective date.  The new law forestalls possibly more onerous requirements from a citizen ballot initiative.

Following is a breakdown of the new California Consumer Privacy Act of 2018.

How is this like the GDPR?

Like the GDPR, the California law defines “personal information” far more broadly than seen before in the

Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter