California’s Proposed New Law (AB 1710) Would Hold Retailers Liable for Data Breaches

Two California legislators have introduced legislation that would require the strictest measures in the nation from online retailers.  Assembly Bill 1710, introduced by Assemblyman Roger Dickinson (D-Sacramento) and Assemblyman Bob Wieckowski (D-Fremont) on April 16, 2014, proposes that retailers be held responsible for certain costs associated with data breach incidents. Coined the Consumer Data Breach Protection Act, AB […]

Every Kiss Begins with…. Sexual Harrassment

Sterling Jewelers, the parent company of Kay Jewelers, and Jared the Galleria of Jewelry has been sued for massive gender discrimination and sexual harassment spanning nearly 15 years.  According to the lawsuit, male employees consistently harassed and discriminated against female employees, who made complaints of verbal harassment, sexual assault, and rape. The class action lawsuit […]

U.S. Dep’t of Civil Rights Settles First Privacy Violation Case against State County Government Over HIPAA Violations

U.S. Dept of Civil Rights Settles First Privacy Violation Case against State County Government Over HIPAA ViolationsOn March 6, 2014, the Department of Health and Human Services’ Office for Civil Rights settled the first known HIPAA violation allegation against a state governmental agency, for $215,000.

The settlement involved the Skagit County Public Health Department in Washington State. Initially, OCR’s investigation focused on potential access of seven individuals’ ePHI on a public County server, which included ePHI related to infectious disease testing and treatment. The investigation later revealed ePHI of approximately 1,600 individuals to be at issue.

The claims at issue not only addressed the improper access, but also the County’s failure to issue proper breach notices and to maintain adequate security measures, going back to as early as 2005.

California law protects victims of breaches of privacy and provides them with an avenue for recovery against perpetrators. The California Confidential Medical Information Act provides plaintiffs with a private right of action against medical providers that disclose their medical information without authorization. Victims of privacy violations involving medical records need to act quickly to preserve their rights by consulting with a HIPAA violation lawyer.

SOOFI | Legal Counsel represents clients in numerous types of privacy violations, including HIPAA/medical information violations, violations by doctors, medical care providers, schools, and employers, violations of name, likeness, and image, right of publicity claims, online / internet privacy violations, and numerous others. SLC’s managing attorney Rabeh M. A. Soofi is recognized as one of the “Top Women Lawyers in Southern California” by SuperLawyers, and has extensive experience as a HIPAA violation / privacy lawyer serving clients throughout California. 

*        *         *

 For information on retaining SOOFI | Legal Counsel to represent you with respect to a privacy violation, contact or call (213) 403-0130 for a confidential consultation. SLC is a Los Angeles, California privacy law firm assisting numerous kinds of clients with a wide array of privacy matters. 

U.S. Dept of Civil Rights Settles First Privacy Violation Case against State County Government Over HIPAA Violations

New Survey Shows Majority of Americans Aggrieved with Retail Data Breaches

New Survey Shows Majority of Americans Aggrieved with Retail Data Breaches

A new survey conducted by Feedzai, a data science company using real-time statistics concludes that the majority of Americans are troubled by the recent date breaches by online retailers, such as Target and Nieman Marcus.

The study was conducted online by Harris Poll on behalf of Feedzai in January 2014 among 2,047 U.S. adults age 18 and older. According to the results:

Who’s to blame?
Among U.S. adults who are aware of any data breaches, 60% believe merchants are responsible for preventing future incidents, while 13% believe responsibility falls on banks.

  • Only 5% of these adults feel it is the consumer’s responsibility, and among males age 18-34, that increases to 10%.
  • 20% of these females age 18-34 believe the government bears the responsibility, while 13% of all those who are aware of any data breaches feel the government is most responsible.

Getting the flu > credit card stolen
It seems many consumers find getting their credit or debit card stolen more aggravating than a number unpleasant activities, and in fact 43% of U.S. adults feel that nothing is more aggravating than theft. The survey also found:

  • 20% of Americans think losing their cell phone is more aggravating than card/debit card data theft; in the Northeast that figure drops to 15%, and it jumps to 30% among females age 18-34
  • 20% feel getting the flu is more aggravating, which jumps to 25% for Americans age 35-44
  • 14% of Americans find being stuck in rush hour traffic more aggravating
  • 13% of Americans found going to the DMV more aggravating, while 12% say serving on jury duty and 11% thought preparing income tax returns was more aggravating than credit/debit card data theft

All eyes on data breaches – and merchants
Consumers took notice of the recent retailer breaches over the holiday season and fraud is top of mind.

  • While the recent data breaches happened in physical stores, over half (52%) of U.S. adults who are aware of any data breaches still believe shopping in a physical store is safer and more secure than shopping online when using debit or credit cards.
  • Over 1 in 5 people (22%) who are aware of any data breach changed their shopping behavior due to recent retail data breaches. The highest proportion of those making a change in shopping behaviors came from those aware of data breaches in the Midwest, with 26% reporting changes, while the lowest proportion of those reporting changes came from those in the West with 19% reporting changes in shopping behavior due to recent data breaches.
  • Nearly 3 in 10 (28%) U.S. adults who are aware of any data breach have stopped shopping at the affected retailers. Among those aged 35-44, the proportion increases to nearly 4 in 10 (36%).

What is old is new again. Cash is back
While memories of an older generation stuffing cold hard cash between their mattresses and in envelopes may seem like the thing of the past… it may not be the case.

  • While 40% of those aware of any data breaches say they started using cash for more of their purchases when shopping, the proportions rise for those aged 18-34 (43%) and those aged 35-44 (45%).
  • 32% of those who are aware of any data breaches aged 65 and older say they are using more cash.

A youthful outlook
Younger generations appear to expect the risk of using credit cards.

  • While over half of those aware of data breaches (51%) believe data breaches are an expected part of the experience when shopping with credit or debit cards, there are sharp distinctions between age groups.
  • Almost 3 in 5 (58%) of those who are aware of data breaches between the age of 18 and 34 believe data breaches are part of the shopping experience, while only 38% of those who are aware of data breaches age 55-64, believe that is true.

Read More:

New Survey Shows Majority of Americans Aggrieved with Retail Data Breaches

College Football Players on Scholarship Deemed “Employees” With Right to Unionize

College Football Players on Scholarship Deemed Employees With Right to Unionize

(Photo credit: Wikipedia)

In an unexpected decision surprising many, including football fans,  Chicago-area NLRB Regional Director Peter Sung Ohr has determined that Northwestern University football players who receive grant-in-aid are in fact employees of the University with the right to organize and form a union.

College sports programs across the country have for years adamantly asserted that student athletes are students, not employees, and that grant, scholarship, or other financial support is student aid, rather than compensation for athletic services. However, in evaluating the case, Ohr concluded that the Northwestern football program eclipsed the athlete’s other obligations, and that the University exercised enough control over football players to render them employees. Specifically, Ohr pointed to the following:

  • The fact that football players are not considered for admission unless and until they are recruited by the head coach;
  • The control exercised by coaches “over nearly every aspect of the players’ private lives” under threat of losing scholarships if they violate rules;
  • The large number of hours devoted to football related activities, which were approximately 40-50 hours per week during the season and 50-60 hours per week during training camp;
  • The fact that players under scholarship may not miss practice or games to attend class.

The Regional Director found that the players are under the University’s “strict and exacting control” throughout the entire year. He noted that football players are expected to adhere to detailed daily itineraries prepared by the coaches that specify “the location, duration, and manner” in which the players carry out their various football duties. Ohr further concluded that, unlike other students, football players are also subject to special rules, restrictions, and policies, including housing restrictions and mandatory study hall if they fail to maintain a certain GPA.

Northwestern has acknowledged the ruling and says it plans to appeal to the NLRB; their deadline to do so is April 9, 2014. Absent success in this challenge, Northwestern University grant-in-aid scholarship recipients in its football program will be entitled to conduct an NLRB election to determine whether they wish to elect a labor organization to represent them in their relationship with the University.

College Football Players on Scholarship Deemed Employees With Right to Unionize

No Fee Cuts for Consumers & Small Business: U.S. Court of Appeals Refuses to Uphold Consumer Debit Card Fee Cuts Mandated by Congress

The nation’s largest banks and federal reserve were dealt another victory last week when a federal appeals court refused to uphold a lower court decision involving cuts to consumer swipe debit card fees.

No Fee Cuts for Consumers & Small Business: U.S. Court of Appeals Refuses to Uphold Consumer Debit Card Fee Cuts Mandated by Congress

English: Photo of Debit Card swipe machine from Rest Stop in Framingham, MA by Brian Katt. (Photo credit: Wikipedia)

As part of the financial regulatory overhaul after the economic crisis, Congress included legislation that intended to put a cap on how much banks could charge retailers when consumers made purchases with debit cards. But they left it to the Federal Reserve to write the rules: The fees were ultimately reduced to about 21 cents a transaction, starting on Oct. 1, 2011, from an average of about 44 cents.

On Friday, March 21, 2014, the U.S. Appeals Court for the District of Columbia issued a ruling refusing to uphold a lower court decision that would have reduced swipe fees for consumers.  “The opinion was a multibillion-dollar gift to the hundred or so largest banks in the country,” said Professor Levitin to the New York Times.  According to Senator Richard J. Durbin, a Democrat from Illinois who wrote the debit card fee legislation, called the ruling a “giveaway to the nation’s most powerful banks and a blow to consumers and small businesses across America.”


No Fee Cuts for Consumers & Small Business: U.S. Court of Appeals Refuses to Uphold Consumer Debit Card Fee Cuts Mandated by Congress

Gay Conversion Therapy Headed for Supreme Court

Gay Conversion Therapy Headed for Supreme Court The lawfulness of gay conversion therapy could headed to the United States Supreme Court for a decision.

Last week, the U.S. Court of Appeals for the Ninth Circuit, which governs appeals for cases arising out of many western states, including California, affirmed a California law that banned “gay conversion therapy,” which prevents counselors and psychologists from trying to change the sexuality of a minor child.

 Liberty Counsel, which represents the conservative groups seeking to overturn the law,  has stated it will ask the Supreme Court to review the case.  Liberty Counsel has filed two similar cases on change therapy in New Jersey after New Jersey passed a similar law  banning state-licensed counselors from trying to help children under 18 reduce or eliminate same-sex attraction.

Similar bills have been proposed in Massachusetts, Maryland, New York, Virginia and Washington.

California Senate Approves Landmark Credit Card Privacy Law

California Senate Approves Landmark Credit Card Privacy LawThe California State Senate has approved a sweeping new online privacy bill, S.B. 383, which takes a huge step towards promoting privacy rights of online shoppers using credit cards for purchases.

The new law prohibits online merchants from storing personal information typically collected as part of the account-creation process.  The gathering of personal information during sales transactions by retail and bricks-and-mortar establishments has long been outlawed in California, but the same prohibitions have not been extended to online purchases, leading to a loophole that has posed threats of fraud and security breaches for online shoppers.   Continue reading

Uber Liability? The Insurance Coverage Dangers of Ride-Sharing Services

Uber Liability? The Insurance Coverage Dangers of Ride Sharing ServicesWhose insurance company protects victims of ride-sharing accidents? For the first time in a long time, novel questions of auto liability insurance coverage are being raised through the growth of ride-sharing apps like Uber, Lyft, Sidecar, or other similar mobile services that connect passengers with drivers of vehicles for hire and offer ridesharing services.

For those of us over the age of 25 or anyone (perhaps willfully) ignorant of the latest crowdsourced venture du jour, a brief introduction to ridesharing services is necessary. The original ridesharing service, Uber, started as a venture-funded start-up and transportation network company founded in San Francisco, California that produces a mobile app connecting passengers to drivers for hire. After Uber received nearly $50 million in funding through groups of angel investors and expanded in major cities across the U.S., several competitors sprung up, including  Lyft, Sidecar, and others.

In the past few months, a problem of insurance coverage has come up due to the occurrence of accidents involving ride-sharing drivers. On New Year’s Eve, January, 2014, a 6-year old girl was killed when an Uber-contracted driver collided with her. Uber completely denied liability, stating that they would not provide coverage because a passenger was not in the driver’s car at the time the accident  happened – meaning, it was not an “official” Uber ride. The accident could have happened on the driver’s way to make a pick-up, between pick-ups, or on a personal trip.  The details are yet unknown.

When accidents happen, the insurance company for the at-fault driver usually picks up and pays for the BI (bodily injury) and PD (property damage) claims. But for ride-sharing services, who is really responsible? The answer may come as a surprise.

In 2012, the California Public Utilities Commission gave Uber and similar transportation network companies a break by allowing them to forego requiring drivers to have commercial liability insurance. However, many personal auto policies do not cover claims for accidents when the driver is transporting passengers. Most policies have exclusions for operation of a vehicle if it is being used “as a public or livery conveyance” – meaning, transporting passengers for pay.  So if Uber disclaims coverage, does not require drivers to have commercial auto coverage, and the coverage falls into an exclusion in the driver’s own personal auto liability policies, who is actually providing the coverage for injured victims? Hearing crickets? Perhaps this article should better be entitled, “More Reasons to Max-Out UIM/UM coverage.”

Unfortunately, drivers who sign up to offer ride-sharing services are often not with the financial means to afford commercial general liability coverage, which can be exponentially higher than personal auto coverage.  Although ride-sharing services are supposed to maintain $1 million of liability insurance, per the requirements of the California Public Utilities Commission, this often does not cover damages to drivers’ cars.  This particular risk affects drivers participating in ride-sharing services, because there is basically no source of insurance funds to pay for repairs to their cars or property damage, if they are hit by an at-fault driver with low or no insurance.

For users of ride-sharing services, the risks of an accident could be amplified due to the apparent lack of solid recourse in the event of a catastrophe. After all, for many ride-sharing services, the terms of use require users to “waive” liability claims. For example, Uber, though founded in San Francisco, has cleverly cast itself as a “Netherlands private limited liability company,” and requires users with any claims against it to sue them in Amsterdam by default.  Good luck with that.  Under its terms of service (which you agree to by using their service, whether you like it or not), Uber also states that users limit Uber’s liability to $500 Euros only. Uber also completely disclaims all liability “in connection with and/or arising from the transportation services provided by the Transportation Provider or any acts, action, behaviour, conduct, and/or negligence on the part of the Transportation Provider.”  So much for corporate responsibility.

Moreover, the usual insurance company suspects that frequently provide auto liability coverage to Americans are also coming up short (anyone surprised?). In a filing with the California Public Utilities Commission in 2012, the Personal Insurance Federation of California, an industry group made up of State Farm, Farmers, Progressive, Allstate, Liberty Mutual, Mercury and Nationwide, said it asked its members to determine how they would treat liability claims in ride-service accidents. In a press release after the CPUC ruling, the Association of California Insurance Companies, a trade association and lobbying group, said, “Both drivers and riders must understand that an accident in a ride-sharing vehicle will not be covered under a personal auto insurance policy.”

All of the foregoing, of course, raises other questions. Are the drivers of ridesharing services  independent contractors or employees? Should drivers who are distracted by the sounds, noises, pings, and notifications on their mobile devices while trying to pick up a ride-sharing passenger be deemed negligent, or should the ride-sharing app bear some responsibility for designing a potentially dangerous product/device? Generally, when victims of an accident are injured by commercial drivers, they sue both the driver as well as the driver’s company.  Can victims of auto accidents involving Uber drivers tack responsibility onto Uber, if it turns out their driver has no valid insurance coverage?  

For the time being, there are no clear or easy answers. Drivers and passengers of ride-sharing apps should all exert caution. As with all matters in the insurance coverage world, with new changes in technology and social developments come new risks, and the great fanfare of offering new insurance policies to sell to unsuspecting citizens is surpassed only by the great labor and energy expended to carefully concoct exclusions with which to deny them.




Uber Liability? The Insurance Coverage Dangers of Ride Sharing Services

Goodbye “Natural” Gatorade, Says Pepsi

PepsiCo is saying goodbye to “natural” Gatorade. Apparently, the “core audience” of Gatorade was not interested in ingredients like sea salt.

PepsiCo has also faced legal challenges over its use of the word “natural.” Last year, it agreed to settle a lawsuit by removing “all natural” from its Naked juice drinks. A lawsuit had challenged the description, saying the drinks contained a synthetic fiber made by Archer Midland Daniels.

Separately, however, PepsiCo has also faced legal challenges over its use of the word “natural.” Last year, it agreed to settle a lawsuit by removing “all natural” from its Naked juice drinks. A lawsuit had challenged the description, saying the drinks contained a synthetic fiber made by Archer Midland Daniels.

A lawsuit filed in California in 2012 also questioned the use of the word “natural” to describe some of Frito-Lay’s chips. This past October, PepsiCo revamped its “Simply Natural” line to be called “Simply,” without “Natural.” A spokesman said the change was part of its updated marketing.

Goodbye Natural Gatorade, Says Pepsi


5670 Wilshire Blvd. - 18th Floor
Los Angeles, CA 90036
PHONE: 213.403.0130
FAX: 213.986.3485

468 N. Camden Drive, Suite 200
Beverly HIlls, CA 90210
PHONE: 213.403.0130
FAX: 213.986.3485


April 2014
« Mar