Alyssa Sones

Alyssa M. Sones is an associate in the Business Trial Practice Group in the firm's Century City office.

Contact:

California Regulator Drives Inquiry into Vehicle Data

By Liisa Thomas & Alyssa Sones on August 15, 2023

Posted in California Privacy, CCPA, Consumer Privacy, Telemetrics, US Privacy

The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in connected cars that raise privacy concerns. These include location sharing and smartphone integration. Connected cars often also have cameras and web-based entertainment systems. These cars—and the technologies in them—may monitor people both in the car and outside of it. For many Californians, the car is part of their daily routines. Connected vehicles can effectively becoming a constant data generator.Continue Reading California Regulator Drives Inquiry into Vehicle Data

Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

By David Poell & Alyssa Sones on February 10, 2023

Posted in Biometrics, Illinois Privacy, Tracking

A plaintiff has her fingerprints forever. But she doesn’t have forever to file a lawsuit for improper retention, deletion, collection, or use of her fingerprints. For years, Illinois courts have been perplexed on what statute of limitations applies to different claims under the Illinois Biometric Information Privacy Act (“BIPA”). That left an unanswered question: how long does a plaintiff have to file a BIPA claim before losing it? The Illinois Supreme Court weighed in last week, siding with the plaintiffs’ bar. In Tims v. Black Horse Carriers, Inc., that Court held that plaintiffs have five years to file any BIPA claim.Continue Reading Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

Mint Gets Data Breach Claims Dismissed

By Alyssa Sones on May 13, 2022

Posted in Data Breach

California federal Judge William Alsup dismissed various claims against Mint Mobile LLC based on a data breach that exposed personal information of Mint customers. Plaintiff Daniel Fraser alleged that Mint, a mobile virtual network operator using the T-Mobile network infrastructure, was hit with a data breach in June 2021. According to Fraser, the breach resulted in disclosure of his and others’ personal information, including names, addresses, email addresses, phone numbers, account numbers, and passwords.
Continue Reading Mint Gets Data Breach Claims Dismissed

Supreme Court Decision Impacts How FTC May Pursue Privacy Cases

By Liisa Thomas & Alyssa Sones on June 7, 2021

Posted in Consumer Privacy, FTC, US Privacy

The Supreme Court recently dealt a potential blow to the FTC’s enforcement tool chest. In particular, the decision impacts its ability to seek monetary relief under a theory it has used in a wide variety of cases, included privacy and security ones, that monetary relief constitutes a “permanent injunction” on consumers’ behalf. In AMG Capital Management, LLC v. Federal Trade Commission, the Supreme Court held that while the FTC should be able to obtain injunctive relief to stop unfair practices, that power does not extend to seeking monetary relief for injured consumers.
Continue Reading Supreme Court Decision Impacts How FTC May Pursue Privacy Cases

California Governor Pulls the Plug on Genetic Information Privacy Act

By Alyssa Sones on October 20, 2020

Posted in California Privacy, CCPA, Consumer Privacy, COVID-19, Digital Health, Healthcare Privacy

Governor Gavin Newsom of California vetoed a bill that would have created new limitations on data sharing for direct-to-consumer genetic testing companies.
Continue Reading California Governor Pulls the Plug on Genetic Information Privacy Act

French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

By Alyssa Sones on July 29, 2019

Posted in Consumer Privacy

CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing the text of a certain URL, a Sergic user could retrieve sensitive files that another home rental candidate had uploaded into the website. This security defect led the trove of nearly 300,000 tax and identity documents to be accessible to anyone who thought to change the text of that URL. CNIL said that this website design flaw affected the confidentiality of data in violation of Article 32(1)(ii) of GDPR.
Continue Reading French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

By Alyssa Sones on April 17, 2019

Posted in CCPA, Consumer Privacy, GDPR

The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) and is expressly modeled around the European General Data Privacy Regulation (GDPR) that went into effect last May. Despite borrowing heavily from these current regimes, the Washington Act is adding its own twists on privacy standards.
Continue Reading Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

UK Issues Fine for Unsolicited Funeral Marketing Emails

By Alyssa Sones & Liisa Thomas on October 26, 2018

Posted in Communication Privacy, Email Marketing, EU Privacy

The U.K. data protection authority recently fined a lead generation company £90,000 ($118,000) for a 2017 unsolicited email marketing campaign. The company, Boost Finance Ltd, sent over 4 million emails promoting pre-paid funeral plans under the name findmeafuneralplan.com. In reaching its decision, the ICO (the UK data protection regulator), said that the company violated the UK’s Privacy and Electronic Communications Regulations by sending the messages without consent.
Continue Reading UK Issues Fine for Unsolicited Funeral Marketing Emails

Vermont Is First Mover Regulating Data Brokers

By Alyssa Sones & Liisa Thomas on July 16, 2018

Posted in Data Protection, Data Security

Vermont recently enacted a data broker security law, one of the first of its kind. The law requires data brokers to develop and implement a comprehensive security program. The program needs to include administrative and technical safeguards to protect personal information. Data brokers are defined as businesses that collect and sell or license data about consumers with whom the business does not have a direct relationship.
Continue Reading Vermont Is First Mover Regulating Data Brokers

FTC Expresses Concerns Over Mobile Security Updates

By Alyssa Sones & Liisa Thomas on May 17, 2018

Posted in Consumer Privacy, FTC

In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between identifying a vulnerability and effectively installing a patch on consumers’ devices. Further, the FTC was worried that information about device support and update frequency is not always clear to consumers, and is not always maintained by manufacturers.
Continue Reading FTC Expresses Concerns Over Mobile Security Updates

Eye On Privacy