Consumer Privacy

Under federal and California law, you have a right to privacy over your personal information. This includes data such as your name, address, email address, social security number, financial information, health information, computer browsing history, and other sensitive information that others can use to identify you. In today’s digital world, companies like retailers, banks, tech platforms, and healthcare providers collect vast amounts of personal data, often without consumers fully understanding how it’s used or shared. In many cases, these companies are violating the law.

When your personal information is mishandled, sold without consent, or improperly disclosed, it can lead to identity theft, financial fraud, or invasive targeted advertising. Fortunately, federal and California laws provide strong protections to safeguard your privacy rights.

What Laws Protect Consumer Privacy?

Several important federal and California statutes protect consumers from privacy violations. Here’s what you need to know:

Video Privacy Protection Act (VPPA)

The VPPA, a federal law enacted in 1988, protects consumers from the unauthorized disclosure of their video viewing or streaming habits. It applies to companies like streaming services, video providers, and online platforms that collect data about the videos you watch. Under the VPPA:

Consent is Required: Companies must obtain your express written consent before sharing your viewing history with third parties.
Right to Sue: If a company violates the VPPA by disclosing your viewing data without permission, you can sue for statutory damages of at least $2,500 per violation, plus attorneys’ fees and other costs.

California Consumer Privacy Act (CCPA)

The CCPA, effective since 2020, is one of the most comprehensive consumer privacy laws in the United States. It gives California residents significant control over their personal information. Key rights under the CCPA include:

Right to Know: You can request details about what personal information a business collects, why it’s collected, and with whom it’s shared or sold.
Right to Delete: You can demand that a business delete your personal information, subject to certain exceptions.
Right to Opt-Out: You can prevent businesses from selling your personal information to third parties.
Right to Sue: If your personal information is exposed in a data breach due to a company’s failure to implement reasonable security measures, you can sue for actual damages or statutory damages of up to $750 per incident, whichever is greater.
Non-Discrimination: Businesses cannot discriminate against you (e.g., by charging higher prices) for exercising your CCPA rights.

California Medical Information Act (CMIA)

The CMIA is a California law that protects the privacy of your medical information held by healthcare providers, health plans, and their contractors. It ensures that sensitive health data, such as medical records, diagnoses, or treatment details, is not disclosed without your authorization. Key provisions of the CMIA include:

Authorization Requirement: Healthcare providers and related entities must obtain your written consent before sharing your medical information, except in specific circumstances like treatment or billing.
Right to Sue: If your medical information is improperly disclosed, you can sue for damages, including actual damages, statutory damages up to $1,000 per violation, and potentially punitive damages up to $3,000 for negligent or willful violations.
Notification of Breaches: If your medical information is compromised in a breach, the responsible entity must notify you promptly.

Other Relevant Laws

California Online Privacy Protection Act (CalOPPA): Requires businesses with websites or online services to post a privacy policy disclosing what personal information is collected and how it’s used or shared.
California’s Shine the Light Law: Allows consumers to request information about how their personal data is shared with third parties for marketing purposes.
Federal Laws: Statutes like the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA) provide additional protections for health data and children’s privacy, respectively.

________________________________________________

What Should You Do if Your Privacy Rights Are Violated?
If you believe a company has violated your consumer privacy rights, take these steps immediately:

Document the Issue: Keep records of any communications, privacy policies, or evidence showing how your personal information was misused or disclosed.
Exercise Your Rights: Submit requests to the business to know, delete, or opt-out of the sale of your personal information, as allowed under the CCPA/CPRA or other laws.
File a Complaint: Report privacy violations to the California Attorney General or federal agencies like the Federal Trade Commission (FTC).
Hire a Privacy Attorney: Clapp & Lauinger LLP can help you enforce your privacy rights and seek compensation for any harm caused by privacy violations.

About Clapp & Lauinger LLP

For over 30 years, the attorneys at Clapp & Lauinger LLP have been defending the rights of California consumers. We have recovered more than $500 million for our clients through verdicts and settlements. (Results vary based on the specifics of each case, and we cannot guarantee any particular outcome.) We operate on a contingency basis, meaning you pay no attorneys’ fees unless we recover money for you. Contact us today for a free, no-risk consultation to discuss your consumer privacy concerns.