Consumer Law

Data Mining and Privacy Concerns

Published on: August 11, 2014 | by Law Offices of Salar Atrizadeh

Where you visit online seems to say a lot about you. Online privacy has been in the spotlight recently, as consumers come to terms with the reality that their online tracks define who they are to marketers and government agencies. By studying this data, third parties can paint a picture about consumers—i.e., where they go, what they do, their preferences, and even any illegal conduct. Now, data brokers can also compile and study large bodies of data to find patterns in behavior. While this carries huge potential for technological advancement, it also comes with greater threats to consumer privacy.

What Is Data Mining?

Data mining is the intricate process whereby data brokers collect, store, and study large sets of data for patterns. The data includes everything from shopping habits, healthcare records, online practices, and public records (e.g., court and property records). This data is then used in a variety of fields, including intelligence gathering, statistics, database systems, and machine learning. Usually, data mining is used to compile lists for targeted marketing purposes—such as lists of diabetics, smokers, and political affiliations. However, recent reports indicate that data mining has been used to compile more personal lists—rape victims, addicts, and AIDS victims. The U.S. government has used data mining in various surveillance projects. These projects were ultimately terminated because of rising concerns that they violate the Fourth Amendment protection against unreasonable searches and seizures. It is most shocking that the subjects never know they are victims to data mining. At a glance, most of these categories seem harmless. However, the underlying threat is that data brokers conduct mining projects without notifying consumers and without obtaining consent.

California’s Anti-Spam Laws

Published on: August 4, 2014 | by Law Offices of Salar Atrizadeh

In recent years, consumers have received numerous emails from merchants, all trying to sell a service or a product. While marketing and commercial activity is central to the American economy, the recipients of these emails must also enjoy their privacy. In an effort to protect against these disruptive emails, the California Legislature passed anti-spam laws in order to regulate commercial email activity. In addition, a recent district court opinion further clarified the types of emails that are implicated by these statutory standards.

What Are California’s Anti-Spam Laws?

In general, California’s anti-spam laws are codified under Business & Professions Code sections 17529 et seq. First, commercial email advertisements must come from a domain name registered to the sender. Commercial email advertisements include any email sent for the specific purpose of selling or advertising a product or service. The purpose of these laws is to limit promotional emails with false or misleading subject information. These laws apply to any U.S.-based company that sends emails to California consumers. It does not matter whether the sender is located in California. In fact, it may not even matter whether the sender knew the recipient was in California. Furthermore, California’s anti-spam laws provide a greater degree of protection than their federal equivalent—i.e., Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”). For example, CAN-SPAM requires that each email contain an “opt-out” option that allows consumers to quickly unsubscribe from future emails. The sender must comply with such a request within ten business days. In California, there are no such requirements. Indeed, the recipient can collect these emails and sue the sender for up to $1,000 per email. So, the charges can quickly add up. If the sender of commercial emails is faced with a lawsuit, it bears the burden of proving that it was in compliance with both the state and federal standards.

Class Action Fairness Act

Published on: June 23, 2014 | by Law Offices of Salar Atrizadeh

When a person harms another, the harmed party has the option of filing a lawsuit to seek damages. However, certain harms affect large groups of people, sometimes reaching into the thousands. In these cases, state and federal civil procedure rules provide for class action lawsuits. A class action lawsuit is brought by a group of parties who have all suffered a similar harm from a defendant’s actions. The defendants can also make up a class where several defendants contributed to the harms at issue. In 2005, in an effort to provide greater protection for harmed plaintiffs, Congress passed the Class Action Fairness Act (“CAFA”) revolutionizing class action procedures.

What Are the Terms of the Class Action Fairness Act?

First, CAFA dramatically expands federal jurisdiction to include a larger body of class action claims. There are two federal class action jurisdiction requirements. First, the case must be for more than $5 million. Second, at least one plaintiff must be from a different state than one defendant. There are exceptions to the second requirement. For example, if at least two-thirds of the plaintiffs are from the same state as the main defendant, federal courts may not have jurisdiction. By expanding jurisdiction, CAFA changed the class action landscape. In turn, this led to several ambiguities in the case law. This also meant that attorneys skilled in traditional class action procedures had to reinvent their practices to comply with CAFA’s new requirements. The American Bar Association provides resources to demonstrate the applications of CAFA.

The Song-Beverly Act Prohibits Brick and Mortar Retailers From Collecting Email Addresses For Marketing Purposes

Published on: April 28, 2014 | by Law Offices of Salar Atrizadeh

Identity theft and personal privacy are major issues, as more information is available over the Internet and linked together through social media networks. However, even as early as the 1970s, legislatures were taking steps to protect personal information from public exposure and marketing schemes. For example, California’s legislature has passed the Song-Beverly Credit Card Act. In essence, this law prohibits retailers from collecting personal identification information during a credit card transaction from consumers for marketing purposes. As the market for consumer goods spreads to the Internet, courts must decide how far protection of personal information will extend.

What Are the Provisions of the Song-Beverly Act?

The Song-Beverly Act is intended to protect consumers from unwanted marketing efforts. This protects privacy and personal information. More specifically, retailers are not allowed to request and record customers’ email addresses to complete a credit card transaction. Furthermore, these retailers cannot later use these addresses for marketing purposes. However, according to recent case law, this law only applies to “brick and mortar retailers,” or retailers that maintain a physical presence. As such, the statute only applies to in-store transactions and not web transactions. This is an important distinction in light of the fact that an increasing number of purchases take place online.

California’s Anti-Spam Statute

Published on: March 17, 2014 | by Law Offices of Salar Atrizadeh

In recent years, electronic spam has become a public nuisance. In response, several states, including, but not limited to, California, have enacted statutes to prevent electronic spam. As with most legislation that deals with the constantly-changing nature of the web, these statutes struggle to define the extent of their application while staying current with trends. Therefore, courts are charged with the responsibility of interpreting the intent of these laws.

What Are The Provisions of California’s Anti-Spam Statute?

In fact, California’s Business and Professions Code section 17529.5 prohibits any person or entity from sending commercial email advertisements, or spam, in three defined circumstances. First, spam is prohibited if an email advertisement uses a third-party domain without the third-party’s permission. Second, the statute prohibits email advertisements that use misrepresented information in the header. Finally, it is unlawful to use a subject line that is reasonably likely to mislead a recipient about the content or subject of the message. This section applies if the email is sent from California or if it is sent to a California email address. Accordingly, the reach of California’s legislation into other jurisdictions is also an issue for courts to interpret. Furthermore, a party bringing suit may recover both actual damages and liquidated damages. Liquidated damages are limited to $1,000 for each unlawful email and may go up to $1,000,000.

Federal Privacy Laws

Published on: February 2, 2014 | by Law Offices of Salar Atrizadeh

In general, the federal government enforces privacy rights at the federal level and state governments regulate privacy standards at the state level. Depending on the area of privacy laws at issue, different government agencies have enforcement authority. For example, Office of the Attorney General, Federal Trade Commission, and Department of Health and Human Services have certain enforcement authority.

What are federal privacy rights?

The federal Privacy Act of 1974 applies privacy standards for the information that federal executives and agencies can access and disclose. However, these requirements apply only to information about U.S. citizens and legal alien residents. They do not apply to illegal immigrants or corporations.

California Privacy Laws

Published on: January 27, 2014 | by Law Offices of Salar Atrizadeh

In recent years, online transactions, such as activities on social media networks, have exposed personal privacy to greater risks. With so much personal information available over the Internet, it is increasingly important to be aware of the applicable laws, so that your privacy is better enforced and protected. The risks can include identity theft, and data, medical, financial, or workplace breaches.

In the United States, there are overarching federal privacy laws that apply to the states. Also, each state has its own privacy laws. In general, the states can provide greater privacy protection than federal laws, but they cannot provide less protection. Privacy right violations can lead to both civil and criminal penalties, depending on the extent of the violation and the applicable laws.

What are the applicable privacy laws in California?

Mass Tort Litigation

Published on: January 20, 2014 | by Law Offices of Salar Atrizadeh

Tort litigation, unlike criminal litigation, involves civil wrongs committed against a party or entity–such as a corporation. A plaintiff must demonstrate in court that the defendant is liable for plaintiff’s damages to be successful in a tort case. Mass tort litigation involves very much the same concepts except the number of plaintiffs and defendants is different. Specifically, mass tort litigation involves large numbers of plaintiffs who have suffered an injury at the hands of the same defendant, or group of defendants.

What Is Mass Tort Litigation?

Mass tort litigation involves a single wrongful act that results in harm to several victims. These types of cases involve many plaintiffs, who are all suing defendants for the wrongful act. Generally, mass tort litigation involves cases where a large group of plaintiffs are injured by defective drugs, or defective products. Cases dealing with defective drugs, or pharmaceutical claims, deal with medical products that have caused injury to consumers. These cases include both over-the-counter and doctor prescribed drugs. Alternatively, defective product cases involve consumer product claims where plaintiffs have sustained injuries, or even died, from defective products. Courts must grant permission for parties to proceed with mass tort litigation. Courts will look to see how many plaintiffs are involved, how far these consumers are located from one another, whether there are similar injuries among the plaintiffs, and whether the injuries come from a common cause or product. This last factor is necessary for a mass tort case. Otherwise, courts balance the other three factors to determine whether a case is properly deemed mass tort litigation.

Class Action Lawsuits and Internet Law Violations

Published on: January 13, 2014 | by Law Offices of Salar Atrizadeh

Class action lawsuits are a staple in the American court system. The notion that there is strength in numbers is shown in the extraordinarily large settlements that come from these cases. In recent years, there has been a significant increase in class action suits involving internet-based companies (e.g., Facebook, Google, Tumblr, Instagram, or MySpace).

As consumers spend more time on the Internet, sharing their work, preferences, and private information, there is a growing potential for internet law violations. Since numerous consumers engage in same or similar activities, e.g., use email to send/receive information, a single violation implicates the rights of a large group of consumers. In turn, this sparks a class action suit.

How Are Class Action Lawsuits Different From Other Suits?

Target’s Security Breach and Identity Theft Threats

Published on: January 5, 2014 | by Law Offices of Salar Atrizadeh

On December 19, 2013, Target issued a statement confirming a major security breach. According to the statement, approximately 40 million customers were at risk for identity theft because of the breach. Hackers had gained access to customer information, including their names, credit card numbers, debit card numbers, card expiration dates, and security codes. This incident brought light to the ongoing threat of identify theft for customers who use credit or debit cards to make purchases, either in stores or online. With this growing threat, consumers need to take care to protect themselves against potential attacks.

What Is the Extent of the Target Security Breach?

According to Target’s investigations, the hackers began accessing customer information from before Thanksgiving until mid-December. With the information they stole, which is stored on a card’s magnetic strip, the hackers could have made purchases all around the world. Indeed, hackers can also use this information to create new credit or debit cards. Although, there is no evidence the hackers also stole pin numbers, but if they had, they could have withdrawn money from customers’ bank accounts. The United States Secret Service is looking into this massive security breach. In the past, federal and state authorities have held companies liable, even issuing fines, if investigations reveal that a company did not take adequate steps to protect customer information. Analysts predict that here Target may have to spend over $100 million in legal costs to fix the security breach. Costs will increase even more if it’s forced to reimburse credit card companies for fraudulent purchases. However, in the meantime, Target’s first priority has been to act quickly to secure and protect customer information. Although, they have not reached any conclusions, initial investigations suggest the breach could have come entirely from outside hackers, or it could have been achieved with help from its employees. Either way, this level of a security breach suggests that it reached deep within the corporation.