California Invasion of Privacy Act Lawsuits Challenge Website Live Chats

Posted by:

California Invasion of Privacy Act Lawsuits Challenge Website Live Chats

Does your business use live chats to offer customer service support to your customers?  Throughout the past year, hundreds of nearly identical suits have been filed alleging that the live chat features on businesses’ websites may violate the California Invasion of Privacy Act (CIPA).  Most of the lawsuits have been filed by attorneys at the Newport Beach, California, firm called Pacific Trial Attorneys, but other firms have brought very similar lawsuits.

CIPA is a set of California penal statutes that are directed against unconsented wiretapping or recording of telephone communications. The CIPA complaints allege that some software vendors that facilitate customer service live chats are acting as third-party eavesdroppers or wiretappers who share sensitive customer information with entities such as Meta for purposes of targeted advertising. In order to fit their allegations of internet-based communications into the CIPA wiretapping and eavesdropping prohibitions protecting telephone communications, the lawsuits often allege that the plaintiffs accessed the defendant’s live chat through their smart phone’s web browser.

The Conkle firm attorneys believe the plaintiff law firms’ approach is a flawed legal theory that is an unwarranted attempt to extend the scope of the CIPA statute.  At present, no reported decisions have determined the merits of these types of claims, and it appears that most of the lawsuits are intended primarily to draw settlements from defendants wishing to avoid the expense and risk of defending themselves.

If your business has a web presence that involves a “chat” function, it may be prudent to take proactive measures to reduce the risk of having to defend a CIPA lawsuit.  Such measures include plain disclosures to live chat users about the involvement of a third-party software vendor, a method of documenting consent of the live chat user, and links to an appropriately-phrased privacy policy. Such prophylactic measures will not only help deter plaintiffs’ lawyers from targeting your business for CIPA violations but can also contribute to a transparent and trustworthy customer experience.

It is also important that you respond quickly and appropriately if you receive a warning letter or demand from a law firm claiming that your business is violating CIPA. A swift and appropriate response is an important part of your defense to such claims and may ward off a lawsuit that is otherwise almost sure to follow. Should you receive a demand letter alleging a CIPA violation based on the above-conduct, it is best to promptly contact experienced counsel for guidance and assistance. Conkle, Kremer & Engel attorneys are very familiar with this area of the law and can guide your business to improve website chat features to forestall such claims, respond to demand letters or, if necessary, defend CIPA litigation.

16
NOV
0

Advertising and Labeling, Banking and Finance, Beauty Industry, California Privacy Rights Act, Fashion, Food, Craft Beer and Nutrition, Industries Represented, Litigation, Arbitration and Mediation, Manufacturing, Privacy, Privacy Rights, Real Estate & Construction, Sales, Technology

, , , , , , , , , , , , , , , , , , , , , , ,

CCPA Metrics Disclosure Requirement Takes Effect July 1, 2021

Posted by:

CCPA Metrics Disclosure Requirement Takes Effect July 1, 2021

Effective July 1, 2021, annual public disclosure requirements will start to apply to every business that is required to comply with the California Consumer Privacy Act (“CCPA”), and which knows or should know that (alone or in combination) it  buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes the personal information of 10 million or more California residents in a calendar year. This requires these businesses to compile the following metrics for the previous calendar year (January 1, 2020 through December 31, 2020):

  1. The number of requests to know that the business received, complied with in whole or in part, and denied;
  2. The number of requests to delete that the business received, complied with in whole or in part, and denied;
  3. The number of requests to opt-out that the business received, complied with in whole or in part, and denied; and
  4. The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.

This information must be disclosed in the business’s privacy policy or posted on its website and accessible from a link included in the privacy policy.  The metrics must be updated annually by July 1. In the disclosure, a business may choose to disclose the number of requests that were denied in whole or in part because the request was not verifiable, was not made by a consumer, called for information exempt from disclosure, or was denied on other grounds.

To review, the CCPA, which became effective on January 1, 2020, grants California consumers the right to control the personal information that businesses collect about them. Through the CCPA, California residents have the right to know what personal information is being collected, whether their personal information was sold or disclosed (and to whom), and may request that businesses delete their personal information.  Currently, only for-profit businesses that collect consumers’ personal information and meet one or more of these criteria must comply: (1) the business has an annual gross revenue in excess of $25 million; (2) the business collects, buys, receives, sells, or shares the personal information of 50,000 or more California-resident consumers, household, or devices; or (3) the business derives 50% or more of its annual revenue from selling consumers’ personal information. For more information about the rights afforded to California residents, and businesses’ obligations under the CCPA, see below for some of our previous CCPA blog posts.

Among other requirements, all businesses that are required to comply with the CCPA must maintain records of CCPA consumer requests and how the business responded to the requests for at least 24 months. These businesses are required to implement and maintain reasonable security procedures and practices in maintaining these records. Such records may be maintained in a ticket or log format, provided that the ticket or log includes the date of request, nature of request, manner in which the request was made, the date of the business’s response, the nature of the response, and the basis for the denial of the request if the request is denied in whole or in part.

In addition, the businesses must establish, document, and comply with a training policy to ensure that all individuals responsible for handling consumer requests made under the CCPA or the business’s compliance with the CCPA are informed of all the requirements in these regulations and the CCPA.

Attorneys at Conkle, Kremer & Engel are staying current with the CCPA and to guide their clients through compliance with this sweeping data privacy law.

30
JUN
0

Banking and Finance, Beauty Industry, California Privacy Rights Act, California Trade Regulations, Fashion, Food, Craft Beer and Nutrition, Industries Represented, Manufacturing, Privacy, Privacy Rights, Real Estate & Construction, Sales, Technology

, , , , , , , , , , , , , , ,

ADA Lawsuits Attacking Website Accessibility Mount

Posted by:

ADA Lawsuits Attacking Website Accessibility Mount

Over the past few months, we have seen an increase in pre-litigation letters and lawsuits charging Americans with Disabilities Act (“ADA”) violations against commercial websites. These notice and demand letters and lawsuits allege that businesses’ websites violate the federal ADA and similar state laws because they do not give full and equal access to individuals who have disabilities (including blindness, visual impairment and hearing impairment). ADA lawsuits have been filed in federal and state courts throughout the country. No state is immune from such suits, and no business is too small to receive such ADA demands and claims.

One of the factors undoubtedly is the rise of law firms, and consortiums of firms, that specialize in filing such suits. The law firms often work with repeat-plaintiffs with disabilities, much like law firms that specialize in Proposition 65 private enforcement claims in California who work with repeat plaintiffs who purchase products that are then made the subject of notices of violations and lawsuits. The subjects of ADA and Prop 65 laws differ greatly, but the common element is that liability can be fairly easy to establish under both ADA and Prop 65, and both statutes allow awards of attorneys’ fees to the law firms that can far exceed the damages awarded. Some of the law firms that commonly send ADA letters making demands and file lawsuits about website accessibility problems include Pacific Trial Attorneys (Newport Beach, CA), Nye, Stirling, Hale & Miller (Santa Barbara, CA), The Sweet Law Firm (Pittsburgh, PA), Block & Leviton, LLP (Boston, MA), and Carlson Lynch (Chicago, IL).

While there is no universally mandated standard, many large businesses and state and federal agencies follow WCAG 2.1, Level AA standards, which were created by the Web Accessibility Initiative, an internationally recognized organization. Generally, WCAG 2.1 Level AA compliance requires that websites have text components for all images and videos such that assisted technology software may read this content to users. Among other requirements, the standards also require that websites have proper contrast between background images and overlapping font so that visually impaired individuals can use assisting software to be able to read and navigate the website.

To minimize the risk of receiving an ADA violation letter or being sued, we recommend you take at least the following steps:

  1. Request that your digital team ensure and confirm that your website conforms with WCAG standards and, if so, what version/level as there were several earlier WCAG standards prior to the current WCAG version 2.1. To reduce the chances of such claims being made against your company, request your digital team to make your website WCAG 2.1 Level AA compliant and keep it that way until a more updated standard comes into general use.
  2. Add a footer entitled “Accessibility” or “Accessibility Statement” to your website. The footer should preferably appear on the homepage and each webpage, preferably near your “Privacy Policy” and “Terms of Service” footers.
  3. Add a webpage that is linked to the Accessibility Statement footer (e.g. https://www.conklelaw.com/accessibility-statement). This webpage should include an Accessibility Statement discussing your commitment to ensuring accessibility to all and providing contact information to report accessibility barriers and assistance with purchasing products or navigating the website. If you want help formulating your Accessibility Statement, seek qualified counsel to assist you.
  4. Instruct your digital team to periodically review the website as it is updated to ensure there are no access barriers, that all newly uploaded content (including temporary pop-up offers, sale announcements, discount codes, rebates, etc.) complies with WCAG standards, and that all customer service representatives are trained to handle website accessibility inquiries. This training should include advising a responsible person in your digital team of any reported accessibility barriers, and being specifically trained to help disabled customers place orders.

Even if you have not taken these steps before receiving a demand letter or lawsuit from one of the ADA plaintiffs’ lawyers, it’s possible to reduce liability by taking prompt steps. If you received such a website accessibility notice of violation or legal complaint, contact qualified counsel promptly to assist in minimizing the impact and avoid similar future claims. All of the ADA violation matters that Conkle, Kremer & Engel attorneys have defended have been resolved fairly quickly with modest settlements. Others accused of website ADA violations have not been so fortunate, with some reporting having paid tens of thousands of dollars. CK&E attorneys are well qualified to help with all types of ADA and accessibility compliance concerns, whether for websites or physical facilities.

16
AUG
0

ADA - Americans with Disabilities Act, Banking and Finance, Beauty Industry, California Trade Regulations, Fashion, Food, Craft Beer and Nutrition, Industries Represented, Litigation, Arbitration and Mediation, Manufacturing, Real Estate & Construction, Regulatory Compliance, Sales, Technology

, , , , , , , , , , , , , , , , , , , , , , , ,