- About Us
- IT Services
- Consulting Services
- Cyber Security
- Cloud Services
- Our Clients
- Contact Us
Recently, several big class-action lawsuits have been filed in California over whether adequate notices are being given to consumers when their personal information is sold. With the major controversy surrounding Facebook and the use of its users’ personal information during the 2016 presidential campaign, the public has become more aware and informed about this topic.
A recent Newsweek article reports that data brokers typically try to stay below the radar so as not to draw attention to what they do for a living. This may be partly responsible for the fact that over half of all Canadians and Americans say that they do not know exactly what happens when they give their name, address, phone number and email address to a website or company.
Recent lawsuits use California’s Shine the Light Law (S.B.27) to object to how these marketing companies use all our data. The lawsuits allege:
“The company failed to properly identify a method for obtaining a disclosure as to how the company shares its customer’s personal information.”
With the publicity surrounding these lawsuits, other consumers are taking notice and filing their own suits, many of them class-action suits. Before deciding whether to file or not, it’s important to know exactly what S.B.27 is and how it works.
According to S.B. 27, certain companies must disclose how they share their customer’s information each time a customer asks for it. Each time a company receives a request from a customer wanting to know how the company has shared their information with marketers, they must provide the information. This only covers the previous twelve months. In addition, S.B. 27 only allows consumers to make these requests in cases where the customer was not given access to the company’s privacy policies containing opt-out notices.
Not all businesses must meet the terms of S.B. 27. Those affected will have these four things in common:
There are some businesses who are exempt from the bill’s requirements. These include:
Consumers have the right to be notified by the business using a designated contact method such as email, phone, and regular mail. In the notification, the company should outline how it shares the personal information of its customers with other businesses for the purposes of direct marketing.
Notifications can be completed in any one of several ways:
Consumers also have the right to request the following information each year from any California company they do business with:
Companies are required to go into some detail about exactly what customer information they are sharing. They must provide:
For those who wish to contact one or more companies to ask about how their personal information is being used, the Privacy Rights Clearinghouse has drafted a letter that can be used to request this information from any company.
There are legal remedies provided under the law when S.B. 27 is not properly followed. If a company fails to respond to a disclosure request, the customer is entitled to recover a civil penalty of up to $500 per violation. If the court decides that the company was willful, reckless or intentional in not adhering to S.B. 27, those filing lawsuits may be able to get $3,000 per incident. In some cases, the plaintiff’s attorney fees are also included in the award. A suit should be filed within 90 days of learning that an individual’s personal information was bought or sold without the person’s knowledge.