Photo of Bretta Oluyede

Since California enacted its Automatic Purchase Renewals Law (APRL) in 2010, the plaintiffs’ class action bar has been active in suing companies with subscription-based services for their alleged failures to comply with the APRL requirements. The lawsuits stem from the alleged failure to comply with the disclosure, consent, and acknowledgment requirements applicable to many types of subscriptions. Non-compliance has resulted in million-dollar class action settlements and government civil penalties. This summer, the APRL got tougher.

The APRL applies to companies that charge payment cards of California consumers as part of using “automatic renewals” or providing “continuous services.” An “automatic renewal” is an arrangement to automatically renew and charge for a subscription at the end of its term. A “continuous service” is an arrangement where subscription continues and charges are initiated until the consumer cancels the service.

Generally, and even before the amendment, the APRL requirements include:

  • Presenting the terms of the automatic renewal offer or continuous service in a clear and conspicuous manner where or when the offer is made.
  • Obtaining consumer’s affirmative consent before charging a consumer for the automatic renewal or continuous service.
  • Providing an acknowledgment of key terms, including cancellation instructions, to the consumer.
  • Implementing a method to cancel (as described in the acknowledgment) by toll-free phone, email, mail, or other “cost-effective, timely, and easy-to-use” method, and permitting consumers to cancel prior to charging at the end of a free trial.
  • Notifying the consumer in a clear and conspicuous manner prior to any material changes to the original terms.

Continue Reading California toughens law governing subscription auto-renewals

Arizona and its Attorney General’s office have emerged as key players in the effort to prioritize data security on the national stage. Since his inauguration in 2015, Arizona Attorney General Mark Brnovich has struck a balance between supporting innovation and protecting Arizonans’ privacy rights. With the support of Governor Doug Ducey, Arizona is taking active steps to broaden the scope of state privacy protection initiatives.

As the current Chair of the Conference of Western Attorneys General (CWAG), AG Brnovich will host CWAG’s 2018 Chair Initiative in Scottsdale, Arizona on May 3 and 4, focusing specifically on data privacy, cybersecurity, and digital piracy. The meeting will bring together AGs from around the country as well as thought leaders and key stakeholders in the private sector to tackle new horizons on issues such as breach notification, the European Union’s data protection regulations, national security, and FinTech. To read more about AG Brnovich’s 2018 Chair Initiative, and his take on how attorneys generals are tackling privacy and data security issues, check out Reed Smith Partner Divonne Smoyer and Associate Kimberly Chow’s recent Q&A with AG Brnovich on the website of the International Association of Privacy Professionals.Continue Reading Arizona emerges as privacy innovator as its AG and Governor lead the charge

In February, we reported that South Dakota and Alabama were the last two U.S. states without data breach notification laws. Since then, both states have enacted data breach laws.

South Dakota governor Dennis Daugaard signed South Dakota Bill No. 62 into law on March 21, making it the 49th state to pass a data breach notification law. The law integrates contemporary principles found in other recently enacted state data breach laws. These principles include a broad definition of personal information—for example, employee ID numbers together with an access code or biometric data fall within the scope of the definition. The law requires companies to disclose a breach to affected consumers no later than 60 days from the date of discovery or notification of the security incident. Affected consumers include any South Dakota resident whose “personal or protected information was, or is reasonably believed to have been, acquired by an unauthorized person.”Continue Reading A complete quilt: South Dakota and Alabama are final two states to enact data breach laws

In a published decision, a unanimous panel of the Appellate Division rejected “the notion that plaintiffs – in alleging an invasion of privacy in an office building’s bathroom – could only claim the presence of a hidden recording device by demonstrating their images were actually captured.” Jaime Friedman et al. v. Teodoro Martinez et al., case number A-4896-15T1.  In so doing, the panel rejected a lower court ruling and allowed plaintiffs to survive summary judgment on the basis of more circumstantial evidence.

The plaintiffs in Friedman alleged that a janitor placed hidden recording devices in a women’s restroom and recorded private activities for six months to a year. The police recovered footage of about eight hours of such illicit surveillance. The plaintiffs, sixty women, sued the janitor and his employer, as well as the owner of the building and the company managing the building. Each plaintiff alleged that she had used that women’s restroom while the hidden camera had been activated.

In discovery, the trial court required each plaintiff to identify one or more images of herself on the recovered recording. Thirty-five of the plaintiffs were unable to do so. As to those plaintiffs, the trial court granted defendants’ summary judgment.Continue Reading New Jersey Appellate Division allows some video surveillance claims to proceed, even though plaintiffs cannot identify themselves in the recovered recording

The International Association of Privacy Professionals and Reed Smith’s Washington, D.C. office co-hosted the Association’s KnowledgeNet Chapter meeting, “Key Federal and State Regulatory and Enforcement Trends in Privacy to Watch in 2018 – Direct from the Regulators” on February 27, 2018.

Reed Smith partner Divonne Smoyer moderated a panel discussion featuring Utah Attorney General Sean

Democrat Phil Murphy has been elected as the next Governor of the State of New Jersey. Murphy comes in to the office with a double-digit victory over departing lieutenant governor Kim Guadagno (R), and the backing of a state legislature controlled by Democrats.  Governor-Elect Murphy, who has never served in elected office, promises to take the Garden State in a new direction.

Among the portions of his platform most likely to be of interest to businesses, Governor-Elect Murphy has committed to:

  1. “Establishing a state-level Consumer Financial Protection Bureau and strengthening existing regulations in light of President Trump’s efforts to roll-back the federal Dodd-Frank Wall Street reform law”;
  2. “Holding bankers accountable by prosecuting financial fraud”;
  3. “Requiring telecom providers and ISPs to seek permission before collecting personal information”;
  4. “Appointing an Attorney General who will enforce consumer protections around data privacy”;
  5. “Improving our state’s existing cybersecurity and other Homeland Security initiatives”; and
  6. “Convening stakeholders in government, industry, and academia to share best practices in cybersecurity and to foster new innovations.”

Continue Reading Businesses Operating in the Garden State Brace For NJ Governor Murphy