Photo of Craig Cardon

Craig Cardon sits on Sheppard Mullin's Executive Committee and serves as Practice Group Leader of the Privacy and Cybersecurity Practice.

In recent years, website operators have increasingly used chatbots to improve customer engagement and provide customer support. In the past several months, however, the plaintiffs’ bar has expressed concerns about the privacy implications of these chatbots, and has brought a wave of litigation challenging their use under the California Invasion of Privacy Act (CIPA). Continue Reading The Tides are Turning on a Wave of California Privacy Litigation

A New Jersey state trial court has initially weighed in on the issue of whether a retailer violates state law by requesting a customer’s zip code at the point of purchase.  In a case fashioned after the California Supreme Court’s decision in Pineda v. Williams-Sonoma, 51 Cal.4th 524 (Feb. 10, 2011), New Jersey Superior Court Judge Stephan Hansbury has denied a motion to dismiss brought by Harmon Stores, Inc. (Bed, Bath & Beyond), finding that the plaintiff Robert Imbert adequately pled a claim for violation of New Jersey’s Truth in Consumer Contract, Warranty and Notice Act, N.J.S.A. 56:11-17 (“TCCWNA”).   The Court’s ruling allows plaintiff to proceed beyond this initial stage, but no liability has been found.
Continue Reading UnZIPped in New Jersey?

The California Court of Appeal has recently published two new decisions involving data privacy class actions. Both involve claims under the Song-Beverly Credit Card Act. The most recent, Jessica Pineda v. Williams-Sonoma Stores, Inc., 2009 DJDAR 15191, affirmed the judgment against the plaintiff on the grounds that it is not a violation of Song-Beverly to request a zip code during a credit card transaction, even if the zip code is matched with a name to acquire that individual’s address, and that the same conduct is not a serious invasion of privacy where the home address information is publicly available and plaintiff has taken no special steps to protect it. Approximately one month earlier, the same panel held in Susan Powers v. Pottery Barn Inc., (2009) 177 Cal.App.4th 1039, that the federal CAN-SPAM Act does not preempt a Song-Beverly claim based on a request for an email address, and sent the case back to the trial court for further proceedings.
Continue Reading In Two Recent Class Actions, Retailers Get More Clarity On Key Privacy Issues In Song-Beverly Cases – Zip Code O.K., Reverse Lookup O.K., E-mail Address Not Preempted