Photo of Alicia A. Baiardo

Ali, a partner in the San Francisco office of McGuireWoods, is a commanding commercial litigator trusted by three of the largest U.S. banks and numerous Fortune Global 500 companies to defend multimillion-dollar class actions and other complex litigation. She defends nationwide consumer class actions brought on behalf of millions of class members, California-wide cases alleging unfair competition, fraud, and violation of various consumer protection statutes, and complex Ponzi-scheme matters brought against banks.

Update: On the evening of June 24, 2020—the same date we published the post below and the day before the original deadline for verification of signatures—the Secretary of State announced that the CPRA reached the signature verification threshold and qualified for the fall 2020 ballot.  While the Mactaggart lawsuit will now be a mere footnote in the history of the CPRA, any way you look at it, this was a successful week for Californians for Consumer Privacy.

On June 19, 2020, the Superior Court for Sacramento County, California issued a ruling providing relief to the promoters of the California Privacy Rights Act ballot initiative (the “CPRA”).  We wrote here about the potential problem with the timing of the signature verification process required for the CPRA to qualify for the Fall 2020 ballot, but that issue now appears to be resolved.

The specifics are to be ironed out in a further order to be jointly proposed by the parties, but suffice it to say that the procedural issue with the timing of signature verification will not prevent the CPRA from appearing on the Fall 2020 ballot.  For now, the Court ordered as follows:Continue Reading CPRA Back on Track Following Court Order

On May 14, California Secretary of State Alex Padilla announced that the California Privacy Rights Act of 2020 (the “CPRA”) had obtained sufficient raw signatures to qualify for the November 3, 2020 ballot.  Those signatures are currently being verified by the counties in which they were obtained.  However, based on a complaint filed June 8 by Alastair Mactaggart and other members of Californians for Consumer Privacy—the proponents of the CPRA—it appears that the verification process may not be completed in time for the CPRA to appear on the ballot this Fall.

The lawsuit, Alastair Mactaggart, et al. v. Padilla, filed in Sacramento County Superior Court, alleges that Secretary of State Padilla failed to adhere to a provision of the California Elections Code requiring his office to “immediately” notify county officials to begin the verification process upon receipt of a sufficient number of raw signatures.  Here is a brief timeline of the events alleged in the Complaint:Continue Reading A Day Late, but Will it Fall Short? CPRA Ballot Initiative May Not Appear on Fall Ballot

On June 1, 2020, the California Attorney General submitted the final text of the CCPA Regulations to the California Office of Administrative Law (the “OAL”).  This was the last step the AG needed to take before the Regulations become enforceable.  But whether enforcement will still start on July 1, 2020 as set forth in the CCPA remains uncertain.

What does this mean for the timing of CCPA enforcement?

Some have questioned whether the AG’s delay in submitting the Regulations following the end of the last comment period in March signaled an intent by the AG to delay enforcement of the CCPA.  So far, however, there is no indication of any intended delay in either the AG’s press announcement regarding submission of the Final Regulations or his prior comments reiterating his intention to keep enforcement on track despite COVID-19.  Indeed, the AG requested expedited review of the Regulations by OAL in order to meet the July 1 deadline.Continue Reading AG Submits Final CCPA Regulations—Is Enforcement Still on Track for July 1, 2020?

The global coronavirus pandemic continues on, and the cyberattacks and scams continue to multiply.  In the midst of the pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed at infecting computers with malware or obtaining sensitive, personal information.  Below are some of the latest examples of attacks and vulnerabilities to be aware of:
Continue Reading Update: Coronavirus Cyberscams and Other Attacks – Scammers Are Still at It

In the midst of the coronavirus pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed to infect computers with malware or obtain sensitive, personal information.

For example, readers may be familiar with a popular interactive dashboard created by Johns Hopkins University using real-time data from the World Health Organization to track the spread of the virus. It has become a go-to source for many wishing to stay up to date on the virus. Recently hackers have circulated links via social media, email attachments and online advertisements to malicious websites that are disguised as the university’s COVID-19 map. However, the deceptive links open an applet that, when installed, infect the device with malware designed to steal personal data such as login credentials, banking information and other sensitive data. To ensure you are accessing the “real” COVID-19 map, directly access it through Johns Hopkins’ official home page, rather than clicking any unidentified links or searching the internet.Continue Reading Coronavirus Cyber Scams: Outbreak Map Used to Spread Malware and Cyber Attack Experienced by the HHS

Here we go again.  On March 11, 2020, the California Attorney General (AG) published a second set of modifications to its Regulations under the California Consumer Privacy Act.  Unlike the AG’s modifications from just last month, the substantive changes this time are not quite so numerous.  There are, however, a few provisions worth noting.

As a general matter, the most significant changes this time around consist of undoing some of the additions made in the first set of modifications.  There is also some new language in the Regulations that provides further guidance for businesses that do not directly collect personal information as well as businesses working to draft CCPA-compliant privacy policies.Continue Reading California Attorney General’s Second Set of Modified CCPA Regulations: Undoing, Redoing, Clarifying

On February 7, 2020, the California Attorney General (AG) published a set of Modified Regulations under the California Consumer Privacy Act (CCPA).  The Modified Regulations take into account some of the comments received from the public late last year and make key changes to multiple definitions and provisions, in at least some cases providing more clarity and specificity than the original version.  The regulatory process is not yet done—the AG is accepting written public comments on the Modified Regulations until February 24, 2020—but it is unlikely there will be many more substantial revisions from this point forward.  It also now seems possible that we will see final Regulations in advance of the July 1, 2020 deadline.  The last step in the process is the AG’s submission of the final rulemaking record for approval by the CA Office of Administrative Law (OAL), which has 30 working days to approve the record before filing of the final Regulations with the Secretary of State.
Continue Reading California Attorney General’s Modified CCPA Regulations: Top Ten Changes

In less than one month, the California Consumer Privacy Act of 2018 (CCPA) will go into effect and begin a new era of data breach litigation. While the California Attorney General is charged with generally enforcing the state’s landmark privacy law, consumers’ ability to rely on a violation of the CCPA as a basis for violations of other state law statutes will be a concern.

For background, Section 1798.150(a)(1) of the CCPA gives consumers a limited private right of action. The provision allows consumers to sue businesses that fail to maintain reasonable security procedures and practices to protect “nonencrypted or nonredacted personal information” of a consumer and further fail to cure the breach within 30 days. A violation of this data security provision allows recovery of statutory damages of $100 to $750 per consumer per incident or actual damages, whichever is greater, as well as injunctive relief. To determine the appropriate amount of statutory damages, courts must analyze the circumstances of the case, including the number of violations, the nature, seriousness, willfulness, pattern, and length of the misconduct, and the defendant’s assets, liabilities, and net worth.Continue Reading CCPA Review: The CCPA May Prohibit Some, But Not All, State Consumer Protection Law Claims

This week, the California Attorney General held public hearings on the draft California Consumer Privacy Act (CCPA) regulations it issued in October.  We attended the hearings in both Los Angeles and San Francisco.  One clear message resounded — unintended consequences of the proposed regulations if left as drafted.

Both hearings were well-attended, with dozens of comments from businesspeople, attorneys, and a handful of concerned citizens.  In addition to these two hearings, the Attorney General also held public hearings in Sacramento and Fresno, and is accepting written comments through Friday, December 6, 2019.  If the Los Angeles and San Francisco hearings are any indication, there are many areas in which the Attorney General could provide further clarity should it choose to revise the current draft regulations.Continue Reading California Attorney General’s Public Hearings on CCPA Regulations in Los Angeles and San Francisco—An Overview

Welcome back to our three-part series providing an overview of CIPA, recent CIPA class actions, and class action defenses. In Part I we provided an overview of CIPA and its recent resurgence in the age of smart speakers.  In Part II we highlighted recent class actions alleging CIPA violations involving the use of smart speakers. Here, we address potential defenses in response to a motion to certify a CIPA class.

Defenses to a CIPA Class Action

These recent lawsuits are good reminders of the real privacy concerns with new developing technologies.  Below is an overview of practice pointers and lessons learned from CIPA lawsuits if you are named in CIPA litigation.
Continue Reading The Revitalization of CIPA Claims in the New Age of “Smart” Speakers (Part III)