Dallas Loved the Ladies

Dallas loved the ladies. Ladies loved Dallas. His parents named him after the city of his birth. Not very original. But most names are not original. When they are, they aren't well received. Better to blend in. Blending in is safe. But Dallas never blended in the same way a giant rooster can't go unnoticed. 

Dallas crossed the street one day and caused several wrecks in the process. This happened on more than one occasion.

He stood several inches taller than most men. His biceps pulled at his short sleeves. His chest muscles rounded under his shirt. Of course he had a flat stomach. But that wasn't it. 

Not a bad looking guy. But was no Elvis. However, he did have great hair. He wore the hair a little long. Not long, in the "Point Break," Patrick Swayze quaffed way. But it was still a mullet. It was long and greasy, like it had been dipped in bacon grease or chicken fried. He was like Tim McGraw with good hair. And, as is the case with Tim McGraw, women often said, “there's just something about him.” 

And his smile. It drew women in like a tractor-beam.

That something about him meant had many things about him. And these things, these attributes, made life easier for him. And harder. 

Harder in the sense that these attributes sometimes got him in trouble. 

Dallas rarely had to work because he always had a sugar-mama or a few sugar-mamas. Dallas really was a good guy, so his popularity wasn't confined to women. Men liked to hang out with him because he always had great stories, and subconsciously, men wanted to be him.

Not everyone felt so positively about Dallas though. One night Dallas went home with a woman named Shelia after knocking back a few Buds at the roadside bar, Honky Tonk Angel. He didn't see a ring on her finger. Shelia left it home that night.

How was a guy to know? Not that it ever stopped Dallas before.

"What’s he doing in my bed?"

The male voice roused Dallas from sleep. But he couldn't make out the words.

“Don't blame him, he didn't know."

"How did he not know you were married? Where's your ring?"

Her truck-driver-husband, Archie, got home early from a cross-country haul.

Shelia mixed up her arrival dates. Dallas stared at the cuckolded husband, who was momentarily paralyzed. Archie regained his composure and swung clumsily at Dallas. He missed. Dallas scooped up his clothes and shoes off the floor. He lit out like he had a fire under his ass. He never did get the husband's name. A few months later, Dallas was drinking a Bud at Honky Tonk Angel, when a process-server slapped him with a summons. Elmwood Jones. was suing him. 

 "Who is Elmwood Jones?” Then he read further. It was Shelia's husband. Archie wasn't his real name. Mr. Jones was suing him for alienation of affection. of affection, an antiquated cause of action for cuckolded husbands and jilted wives.

Dallas retained a lawyer paid for by one of his sugar-mamas. The case went to trial. 

Dallas took the stand. "I didn't know she was married." He spread his hands. "I'm sorry. I didn't mean nothing by it." 

Female jurors and male jurors nodded sympathetically. Women smiled at him. Some even licked their lips, a sign Dallas knew to look for when chasing women.

The jury came back with a $1 verdict against Dallas. After the trial, Jones's lawyer asked a few of the jurors why they didn't find more damages. There were ten women jurors and two male jurors, a dead give away to any good lawyer. But Archie couldn't afford a good lawyer. He got the town drunk, who somehow managed to not get disbarred. 

A sweat little old lady "he reminds me of my grandson.” 

Another juror said, “I watched Law & Order once, and they said something about mens rea being necessary. Dallas didn't have that. Besides, he is a good old boy, and I wouldn’t mind knocking back a few Buds with him."
 

Jones saw a pretty blonde named Crystal slip Dallas her phone number as the two walked out of the courthouse. "That bastard.” Archie would never get it.

Keep all the nasty emails

 

Keep all the nasty emails

 Keep nasty emails from jerk lawyers and jerk humans. Keep all of them.

It's not high tech, but it can be useful for later litigation. 

You can’t “kill all the lawyers,” but there is a thing called a fate worse than death. That is humiliation…through description.

I know a ton of nice lawyers and a few--more than I'd care to--abusive lawyers. The lawyers I can't stand don't live anywhere around here. If I'm lucky, I won't ever have to see them again, but they are out there...lurking in the shadows. This raises the question: how do you deal with bullies you work with?

Like all great lawyer answers/non-answers, it depends on the situation. If you work for a bully, then it is difficult to fight back. Fortunately, I am a partner, and I don't have to allow someone to be nasty to me. While I am respectful, I can fight back.

It wasn't always that way. I worked for a firm in another state, and I won't name the firm. But one of the people I worked with. Let's call him "Jerry." Well...Jerry didn't have what we call in the South "charm." If there was an opposite of charm, that was Jerry.

I won't mince words: Jerry was (and still is I'm sure) a raging a******. I had a job a while back that was largely remote. This required me to communicate mainly by email. Jerry said many, many sharp things via email all of which I still have in my possession. Of course I kept copies. Jerry should have known this. I'm a litigator--he wasn't really--so of course I keep things. I kept everything.

Jerry is the kind of guy who searches for ways to delete excess spaces in documents using AI.

But…he forgets about what he says in emails. I’m assuming many people have kept their email correspondence with Jerry.

You never know when it will be useful.

I realize telling someone to f-off may not be an option. I did that in a nice way to Jerry, and then I left. So, that's not likely a solution.

Emails are key evidence in employment law claims.

Keep all the evidence of it. You never know when it might be useful. As for Jerry, the statute of limitations still hasn't expired. It may support claims for a hostile work environment, potential ADA claims if you are disabled, and wrongful termination claims.

Unfortunately nasty emails are on the rise, and they are bad for your health.

Your best bet is to ignore them as much as possible if you can while you keep good records.

WTF is Cyberbullying?

 What is cyberbullying?

Cyberbullying is the use of the internet to harass, threaten or embarrass someone. Bullies typically do so by sending insulting or threatening texts and messages, spreading rumors about a person on their social media networks, such as Facebook, or controlling what they are able to do or say online.

Why should you care?




Because it can lead to suicide.

Want some examples from here and abroad?

The Cyber Express provides a few examples (a few too many):

· Megan Meier (1992–2006)

Three weeks before turning 14, American teen Megan Taylor Meier committed suicide by hanging herself. Her parents demanded an investigation, and it was determined that MySpace’s social networking site was the source of her cyberbullying. This case was an early warning sign of the ill-effects of social media.

· Phoebe Prince (1994–2010)

Following Phoebe Nora Mary Prince’s suicide on January 14, 2010, the Massachusetts state legislature passed more stringent anti-bullying legislation and charged six adolescents with crimes of violating civil rights.

· Amanda Todd (1996–2012)

Amanda Michelle Todd, a 15-year-old Canadian student who had been the target of cyberbullying, hanged herself to death due to continuous bullying and blackmailing by internet users.

· Rehtaeh Parsons (1995–2013)

Rehtaeh Parsons, 17, a former Cole Harbour District High School student, attempted suicide by hanging herself on April 4, 2013, at her house in Dartmouth, Nova Scotia, Canada. The reason, targeted online harassment.

· Tyler Clementi (1991–2010)

On September 22, 2010, Tyler Clementi, an American student at Rutgers University-New Brunswick, died by suicide by jumping from the George Washington Bridge over the Hudson River. Clementi was subject to cyberbullying by his doom room friends Ravi and Wei, who planted a webcam into his room.

· Jamey Rodemeyer (1997–2011)

Jamey Rodemeyer was a freshman at Williamsville North High School at the time of his passing and had previously attended Heim Middle School. He experienced terrible bullying as a result of being out about being gay.

· Sulli (1994–2019)

Police discovered Choi Jin-Ri, better known as Sulli of the K-pop girl group f(x), dead in her Seongnam home, prompting a closer examination of her career as a singer and a feminist who was frequently the target of vicious Internet trolls and online cyberbullying.

· Tyrone Unsworth (2003–2016)

In Brisbane, Australia, Tyrone Unsworth, an eighth-grader, committed suicide on November 22, 2016, as a result of years of homophobic abuse. On this particular day, his grandfather had intended for him to be at school, but he stayed at the farm instead. When his grandfather returned from work at around 1:00 p.m., he discovered Unsworth dead.

· Hana Kimura (1997-2020)

One of six cast members of the Terrace House reality series on Netflix, which previously broadcast on FujiTV and showed an eccentric group of strangers living together, died at 22.

Kimura’s pink hair, toned form, and energetic temperament helped her become known as a public figure in Japan and attracted a lot of criticism. Her death raised awareness of cyberbullying and the pressures women face to conform to social expectations.

· Kelly Fraser (1993-2019)

Kelly Fraser, a 26-year-old Canadian Inuk pop singer from Igloolik, Nunavut, was well-known for singing original songs and translating popular songs into Inuktitut. Fraser was discovered dead in her Winnipeg, Manitoba, home. Fraser’s family blamed “childhood traumas, racism, and continuous cyberbullying” for her death, which was later ruled a suicide.

Cyberbullying can include:

• Sending mean texts or IMs to someone.
• Pranking someone's cell phone. 
• Hacking into someone's gaming or social networking profile.
• Being rude or mean to someone in an online game.
• Spreading secrets or rumors about people online.
• Pretending to be someone else to spread hurtful messages online.
• Doxing.
• Catfishing. 
• Revenge Porn.
• Fraping.
• Impersonating.

Is Cyberbullying criminally actionable?

YES. Civilly and criminally.

Civil examples include: negligence, harassment, communicating threats, intentional infliction of emotional distress, and others.

Parents of kids harassing people and school districts can be liable as can employers of people acting with apparent or actual authority.

Michael Fights Bullies : We've all been bullied

Michael Fights Bullies : We've all been bullied

Ten Things You Should Know About the Law and Social Media: When Bad Judgment Goes Viral, Watch Out!

 1.     The things you say may have legal consequences: Be careful what you say about people on Facebook, Twitter, or other forms of social media. What you say may be libel. This extends to emails (especially in the work setting) where people say the dumbest, most abusive things possible, all of which can subject them to legal liability. Ask yourself: why is it lawyers always want emails in discovery? Although this does not relate to social media directly, we all remember the lawyers in the news recently for their racist and disgusting emails, which ripped their firm—a firm they started—apart. Ultimately, that story was spread by social media. If you say anything in an email, assume it never goes away. If someone says something horrible to you in an email, make sure you keep a record.

Do I keep such things, you may ask?

I won’t answer that question other than to say that I have a Master of Science in Library Science, and I’ve been a litigator for 18 plus years. And…I’ve published two short stories.

Surely those things cannot be related, right? What is it writes do? They describe. Of course, the fictional stories are made up. After all, it’s fiction.

2.     Get permission before using pictures, articles, or content written by someone else:  Using a person’s or corporation’s pictures, articles or other intellectual property without permission may be copyright infringement. This may subject you to a lawsuit for money damages. Copyright law can be quite thorny, especially with the new Copyright Claims Board, which is essentially a small claims court for copyright claims. This makes it easier to pursue such claims whereas before it was too expensive. Consider number 5, which relates to trademark issues as those may be raised as well.

Donate through Venmo

Donate through PayPal

3.     Do not say anything on social media sites you do not want repeated: Be careful about what you say and when you say it. There are numerous examples of employers seeing Facebook (or other social media posts) posts where people have said they never work at work; then the employer fires the employee. You can imagine other things people post online while clearly at work.

4.     Be careful about the pictures you post:  They might make you look bad (I don’t mean just appearance) or get you sued. Anyone remember what happened to Urban Meyer after those pictures of him at the bar surfaced?

5.     Do not use trademarks without permission: It is against the law to use a trademark without permission. Examples of trademarks include McDonald’s golden arches, Allstate’s good hands, and anything else that may be or is intellectual property.

6.     Watch out for spammers:  Be wary of spammers on Facebook, your phone, email, and other social media outlets. They may be trying to steal your identity. One recent scam is that Facebook scam on Facebook Marketplace where a potential buyer wants a Google Code to “verify you are who you say you are.” It’s a scam.

7.     Refrain from giving TMI (Too Much Information):  Some people chronicle their entire lives on Facebook, which, although entertaining (we love to watch a good train wreck),it can create all kinds of issues. For example, this exposes you to identity theft and blackmail. It can also be used to piece together what’s known as a “synthetic identity” for you, which can result in theft of your information and resources.

8.     Assume what you say never goes away: The internet is vast, and things said on the internet never go away. In other words, what you say may come back to haunt you. If you doubt me, look at the “WayBack Machine,” which takes snapshots of the Internet even if those snapshots no longer exist on websites. It is run by the Internet Archive, which is tasked with preserving the internet.

9.     Police catch criminals by reading their Facebook pages all the time: Criminals like to brag, and they often do so on Facebook. Police know this, and they catch criminals this way all the time. They use TikTok, Twitter, and other social media as well. This applies to other situations that are not of the criminal variety.

10.  Assume people Google you and look at social media about you: I look people up on Facebook, TikTok, Twitter, and other social media all the time. But the first thing I do is Google them, which can tell you a lot very quickly and cheaply. What people say on social media outlets says a lot about them.

Thanks for reading. Feel free to email me at michaelwuva78@gmail.com or michael@wellslaw.us. I use both.

Donate through Venmo

Donate through PayPal

For Whom Does the Ambulance Bell Toll?

Corporations can be terrible, but so can greedy lawyers.

Data breach class actions have spawned a whole new breed of class action lawyers—I can’t wait for John Grisham to jump on them.

I believe corporations and other entities should be held legally accountable. Sometimes the only way to do that is with a lawsuit. At times, single lawsuits wouldn't work, and similarly aggrieved people must band together. This is what happens in a class action lawsuit, which allows representative plaintiffs to act as plaintiffs for their class. There are often multiple classes in a federal class action lawsuit. This is true in some state class actions as well. The settlements are often tens of millions of dollars, sometimes hundreds of millions of dollars.

Leave a comment

What do the class members get for all of this?

The suspense must be killing you…

Not much. Shocking…I know.

Between $13-$90 per person according to a 2019 empirical analysis done by Reuters.

Screwed by a spreadsheet warrior who is OCD.

I’m as pro-plaintiff as it gets, but I don’t like the direction of class actions in the data breach realm.

And what is the size of the average class action settlement? $56.5 million. Furthermore, the median claims rate (according to the FTC) is 9%. Contrast that with the average personal injury settlement where the average settlement is $60,000 plus. Usually this would mean $20,000 for the medical bills, $20,000 for the client to walk away with, and $20,000 for the lawyer. Now, the standard fee is 40% if a lawsuit is filed, but, if the lawyer can resolve it without a bunch of time and costs, then it can be a good idea to split 1/3 1/3 1/3.

What do lawyers make in class action lawsuits? Well...the defense lawyers make hundreds of thousands of dollars defending these massive lawsuits, and the plaintiffs lawyers get between 35-40%  of the total recovery on average. The more claims that are filed the smaller the payout for the class members. Lawyers can elect to take a percentage, or they can multiply their hourly rate times the hours they worked, and there is a formula that's applied. In larger states it's not unusual for lawyers to bill exorbitant rates ($500-$1,000). It's great for the lawyers, but most of the money goes to ID protection and credit monitoring neither of which help much.

So... What do you do when you hear lawyers talking about "truth, justice" and all those inflated and meaningless words in the context of many class actions? I'd be skeptical.

For whom does the ambulance alarm toll? It tolls for thee if the lawyer makes it only about him or her.

If you are an associate, it means you are lining the pockets of the ONLY person whose name is on the door. You must ask yourself, why is only this person’s name on the door? Reasonable minds can disagree, but it makes you wonder…and I don’t curse in emails. It’s bad for business.

Give me a mass action any day because at least clients will “get paid” as opposed to the chicken feed they make in class actions.

Mass actions are individual claims filed by individuals and settled on a case-by-case basis against a common defendant. The claims likely have similar elements to them, but they vary based on the specifics of each plaintiff’s case.

Quite frankly, when I worked on class actions, I got tired of making money for one guy—especially when the claimants made comparatively very little money. At most a few thousand? That’s nothing compared to what the lawyers make, which is hundreds of thousands if not millions.

How is this JUSTICE? Give me a freaking break.

I’ll tell you what kind of justice it is: ersatz justice.

Thanks for reading. Feel free to email me at michaelwuva78@gmail.com or michael@wellslaw.us. I use both.

Banks Stink at Cybersecurity, but why?

 Banks typically stink at protecting YOUR data; they know it; and they know better. Why is this? The main reason: GREED. They are cheap when it comes to cybersecurity because it allows them to pay their executives more. Oh...they like to blame lawyers and regulators, but that's all talk. It rings hollow. What’s that Bob Dylan says about money not talking? And swearing instead?

The banks "doth protest too much." 

Donate through Venmo

Donate through PayPal

Their bellyaching is meant to blind you to what they do, which is almost nothing. Banks are supposed to be secure. They aren't and likely won't be anytime soon. 

What that saying about _____ flowing down hill? You are at the bottom of that hill.

 Here are some ways banks screw up (almost all the time): 

1. Weak Cybersecurity Measures: Insufficient cybersecurity measures, such as outdated software or lack of regular security audits, can make banks vulnerable to hacking and data breaches. Just look at Wells Fargo, which CNN reports "has been plagued by scandal." Consumer deposits just disappeared back in March. This should come as no surprise since Wells Fargo settled a lawsuit for $3 billion back in 2020 over fake accounts; that’s not the only lawsuit they’ve settled in the last few years. They are serial defendants. One of the funniest and most absurd things I ever heard came from a lawyer who used to work for a large bank (it wasn't Wells Fargo), and he claimed the bank he worked for then cared about the people whose mortgages the banks held. I swear I think the dude was wearing an ascot as he said this.

Fortunately I wasn't near the guy because I spit out my coffee in shock over this absurd statement. Big. Banks. Do. Not. Care. They don't care. They have never cared. And they never will care. 

But…you need to care…a lot. And I care about what happens to you, dear reader, as we are all in this muck together.

2. Inadequate Data Encryption: If sensitive personal data is not properly encrypted, it can be easily accessed by unauthorized individuals during data transmission or storage.

3. Improper Data Handling: Banks might mishandle data by sharing it with third parties without consent or keeping it longer than necessary, increasing the risk of unauthorized access. In other words, they sell your data to third-parties, some of whom are not exactly above board.

4. Weak Authentication: Banks sometimes use weak authentication methods, like simple passwords or outdated security questions, making it easier for attackers to gain unauthorized access to accounts.

5. Lack of Employee Training: Without proper training, bank employees might inadvertently mishandle data, fall victim to social engineering attacks, or fail to recognize suspicious activities. People are the biggest problem with 91% of cybersecurity incidents coming from human error. 

6. Insufficient Access Controls: Poor access controls can allow unauthorized personnel to access sensitive customer information, increasing the risk of data breaches.

7. Inadequate Incident Response Plans: Without a robust plan in place, banks might struggle to respond effectively to data breaches, leading to prolonged exposure of sensitive information.

8. Ignoring Regulatory Compliance: Failure to comply with data protection regulations like GDPR or CCPA can result in legal consequences and damage to the bank's reputation. Reputation, of course, implies they have one that is worth damaging.

9. Overlooking Physical Security: Focusing solely on digital security while neglecting physical security measures can expose sensitive data to theft or unauthorized access.

10. Vendor Management Issues: Banks that work with third-party vendors must ensure these partners also adhere to stringent data protection practices, as vendor breaches can impact the bank's customers.

To mitigate these mistakes, banks need to invest in robust cybersecurity measures, implement strong encryption protocols, train employees on data privacy, regularly update their systems, and establish effective incident response plans. Additionally, staying informed about evolving cybersecurity threats and compliance requirements are essential to maintaining the security and trust of their customers. Of course, this would require caring about their customers, which they may not always do. In fact, I suspect they rarely care. If they did, they would protect their customers.

Thanks for reading. Feel free to email me at michaelwuva78@gmail.com or michael@wellslaw.us. I use both. 

The CCPA Should Scare You

 Introduction:

On November 3, 2020, Californians voted in favor of Proposition 24, which introduced amendments to the California Consumer Privacy Act (CCPA). These amendments are collectively known as the California Privacy Rights Act (CPRA) and went into effect on January 1, 2023. The CPRA expands and modifies the CCPA while establishing the California Privacy Protection Agency (CPPA) as the new administrator of the law. This post aims to provide an overview of the CCPA 2023 as amended by the CPRA.

A. Summary:

The CPRA amendment, which builds upon the existing CCPA framework, brings several significant changes. It expands the definition of a "business" by raising the threshold of consumers or households to 100,000 and includes "sharing" in addition to "selling" consumer information for reaching that threshold. Significantly, the CCPA (as amended by CRPA) no longer makes a distinction between “sharing” and “selling” consumer information. It is the same, and sharing personal information without permission may result in liability under the CCPA regardless of where you are located. You could even be located in North Carolina.

Donate through Venmo

Donate through PayPal

If you do business with a California consumer, you could fall under the purview of the CCPA.

Watch out for the “private right of action.”

The private right of action under the CCPA is expanded to include breaches of email addresses and passwords or security question answers that would allow access to a consumer's account. In other words, if you are a California resident, your email address cannot be taken, sold, or shared to a third party without your permission. Email addresses are deemed personal information worthy of protection, which makes a lot of sense given the value of the email addresses to businesses hoping to use information to make a sale or to sell the information itself.

The CPRA introduces new provisions, such as the inclusion of "sensitive personal information," an extended look-back period for consumer information requests, expanded consumer rights, and non-discrimination protections.

 B. Pleading Questions:

For lawyers, the question arises: how do you plead a CCPA claim under the CPRA amendment? When filing a complaint under the CCPA 2023, it is still appropriate to plead the CCPA itself, as the CPRA amendment is integrated into the CCPA framework. While it may be prudent to include a footnote acknowledging the CPRA amendment, it is not necessary. However, it is essential to update the definition of a "business" in complaints to reflect the new threshold of 100,000 consumers or households, and to recognize that both "selling" and "sharing" of consumer information count towards that threshold.

C. Main Points for Private Right of Action:

The CCPA is likely to be the model for comprehensive cybersecurity measures under federal law if Congress ever takes this kind of action. Below is a list of things to keep in mind when pleading a claim under the CCPA as amended by the CPRA.

1.  Pleading the CCPA: Complaints should continue to plead the CCPA, but the definition of a "business" must be updated to include the new threshold of 100,000 consumers or households, and "sharing" should be considered alongside "selling" for reaching that threshold.

2. Expanded Private Right of Action: The CPRA expands the private right of action to include breaches of email addresses in combination with passwords or security question answers, eliminating the need to tie such breaches to a specific category of "personal information" to trigger the notice provision and protections of the CCPA.

3. Introduction of "Sensitive Personal Information": The CPRA adds "sensitive personal information" to the existing category of "personal information." This includes biometric information for unique identification, personal health information, and personal information related to a consumer's sex life or sexual orientation.

4. Extended Look-Back Period: The CPRA allows consumers to request information beyond the usual 12-month period, if it is not impossible or disproportionately burdensome for businesses to provide. This expands the scope of consumer information requests.

5. Expanded Consumer Rights: The CPRA grants consumers the right to correct inaccurate information, opt out of sharing their personal information, and limit the use of their information. It also introduces non-discrimination protections to safeguard employees, job applicants, and independent contractors who exercise their rights under the CCPA.

   Leave a comment

D. Main Points "Fleshed Out":

Below are a few more things to keep in mind: 

1. Use of CCPA after January 1, 2023: The CCPA is still used even after the CPRA amendment.

2. The CPRA modified and expanded the CCPA without creating a separate law. Therefore, when referring to the law, it remains the CCPA.

3. Impact on the Definition of a "Business": The definition of a "business" 

The CPRA amendment to the CCPA introduces several changes that impact how businesses are defined and regulated under the privacy law. These changes broaden the scope and obligations for businesses in handling consumer data. Let's delve into the key modifications brought about by the CPRA.

a. Redefinition of "Business":

Under the original CCPA, a business was defined as an entity that met one or more of the following criteria: (A) had an annual gross revenue over $25 million, (B) possessed personal information of 50,000 or more consumers, households, or devices, or (C) derived 50% or more of its annual revenue from selling consumers' personal information.

The CPRA amends the definition of a "business" by increasing the threshold for the number of consumers or households from 50,000 to 100,000. This means that a business must now meet the requirement of buying, selling, or sharing the personal information of 100,000 or more consumers or households to be subject to the CPRA.

Moreover, the CPRA expands the definition of "business" to explicitly include the sharing of consumer information, treating sharing in the same way as selling. This change expands the reach of the CCPA, ensuring that businesses engaged in sharing consumer data on a large scale are also subject to the law's provisions.

b. Strengthened Private Right of Action:

The CPRA amendment enhances the private right of action provision under the CCPA. Previously, to trigger the notice provision and protections of the CCPA, a breach had to involve a category of "personal information." However, under the CPRA, a breach of an email address in combination with a password or security question and answer that would permit access to the consumer's account is sufficient to trigger the CCPA's provisions. This expansion removes the requirement of a breach involving personal information, thereby broadening the circumstances in which consumers can enforce their rights under the law.

c. Addition of "Sensitive Personal Information":

The CPRA introduces a new category called "sensitive personal information" under the CCPA. This includes all the elements of the previous definition of personal information but adds specific types of data, such as the processing of biometric information for unique identification, personal information related to a consumer's health, and personal information related to a consumer's sex life or sexual orientation. The inclusion of sensitive personal information highlights the heightened privacy concerns associated with these types of data and imposes additional obligations on businesses in handling and protecting them.

d. Extended Look-Back Period:

The CPRA expands the "look-back period" for consumer data requests beyond the previous 12-month period under the CCPA. Consumers now have the right to request information that goes beyond the 12-month period, if providing such information is not impossible or disproportionately burdensome for the business. This change enables consumers to access a broader range of historical data held by businesses, enhancing transparency and empowering individuals to exercise their privacy rights.

Conclusion:

The CPRA's amendments to the CCPA significantly impact how businesses are defined and regulated under the privacy law. With changes to the threshold for businesses, the strengthened private right of action, the introduction of sensitive personal information, and the extended look-back period, the CPRA broadens the scope and obligations for businesses in protecting consumer privacy. These changes reflect the evolving landscape of privacy rights and emphasize the need for businesses to adapt their practices to comply with the new requirements imposed by the CPRA.

Feel free to contact me at michaelwuva78@gmail.com. You can leave a comment, too.

I also publish a legal technology blog NC Legal Technology, a New Frontier.