Customers Citing Calif. Transparency Law Might Be a 'Trap,' Lawyers Warn
A wave of letters from California residents seeking information about what personal data was disclosed to third parties via a 2003 law could be a trap for businesses receiving the request, Troutman attorneys warned Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“Over the last three months, businesses have been receiving requests from California residents seeking to exercise their rights under California’s Shine the Light law,” wrote privacy lawyer Angelo Stio and three colleagues. “These requests are sent by attorneys who purport to represent a California resident who is a ‘customer’ of, and has an ‘established business relationship’ with, the business receiving the request. The requests seek an accounting of the customer’s personal information disclosed to third parties for direct marketing purposes within the past year.”
“While innocuous on their face because they do not threaten litigation, the requests are a potential trap for those who lack mechanisms to ensure compliance,” the lawyers said. They recommended that organizations doing business in California should “implement appropriate policies and procedures to avoid claims of noncompliance and potential civil penalties that may be recovered.”
The attorneys added that the “civil penalties available under the law make it fertile ground for plaintiffs seeking to exercise their rights with the hope of establishing noncompliance and a path to recovery.”