Major Media Companies Face
Class Action Lawsuits for Alleged Violations of California’s Shine the Light
Act
|
|
|
A series of class action
lawsuits filed in late December 2011 against major media companies
including Reader’s Digest, Men’s Journal and Conde
Nast Publications, underscores the importance for companies nationwide to
comply with California’s Shine the Light Act. Each of these suits,
which seek significant damages, alleges that the media companies failed to
comply with the Act’s privacy disclosure requirements regarding business
transactions with California residents. The Shine the Light Act,
which went into effect in 2005, requires companies doing business with
California residents to provide, upon customer request, the categories of
personal information that the company disclosed to third parties (for
marketing purposes) during the preceding year and the names and addresses of
those third parties. Companies subject to the statute must
(1) designate a mailing address, email address, or, if they elect to
receive requests by telephone or facsimile, a toll-free number or facsimile
number through which such requests can be received; and (2) respond to
requests made to company employees with regular contact with customers, such
as customer service representatives or sales personnel. Companies
failing to comply with these requirements face statutory damages of $500 for
each violation, which amount can be increased to $3,000 per violation if the
violation was willful, intentional, or reckless. A partial exemption from
the requirement exists, however, for companies that do not disclose a customer’s
personal information unless the customer either affirmatively agrees to the
disclosure (opt-in) or exercises an option to prevent the disclosure of the
information (opt-out). These options must be accessible to the consumer
from a link on the company’s Internet home page. In addition, a
description of the customer’s rights and a mailing address, email address,
toll free number or facsimile number to which requests for information can be
sent must be provided on the first page of the company’s privacy policy. Recommendation Whether or not these
class action lawsuits are ultimately successful, they serve to illustrate the
potentially costly consequences of failing
to comply with the notice requirements of California’s Shine the Light
Act. Indeed, since California residents can access websites in any
geographic location, no business is immune from potential liability.
Any entity that collects personal information from California residents
should therefore have a clear and conspicuous link to its privacy policy on
its home page titled “Privacy Policy/Your California Privacy Rights,” and
include a prominent section describing the rights of California residents
under the Shine the Light Act in the first section of that privacy
policy. The privacy policy must also provide contact information to
which privacy-related inquiries can be directed. If you have any questions
about complying with California’s Shine the Light Act or any related issue,
please do not hesitate to contact Louis J. Levy (llevy@lermansenter.com,
202.416.6748) or S. Jenell Trigg (strigg@lermansenter.com, 202.416.1090). January 27,
2012 |
|
|
This memorandum is intended only as a general discussion of these issues and should not be regarded as legal advice. We would be pleased to provide additional details or advice about specific situations if desired. Copyright © 2012, Lerman Senter PLLC 2000 K Street NW,
Suite 600 | Washington, DC 20006-1809 To Unsubscribe: Unsubscribe | To Update Client Info: Update Client Info |
|
