Articles Posted in News

by

The California Invasion of Privacy Act (CIPA) is sparking a surge in lawsuits that could profoundly impact businesses with consumer-facing websites. Once focused on law enforcement’s use of “trap and trace” devices, CIPA is now being applied to website tracking technologies like cookies and pixels, exposing companies to significant legal risks. In the article below, JMBM Partner Stuart K. Tubis delves into the key considerations surrounding this trend, the latest court rulings, and practical steps businesses can take to defend against these claims.

California’s Trap and Trace Pen Register Litigation: Key Considerations & How to Respond to a Lawsuit
by Stuart Tubis

The California Invasion of Privacy Act (CIPA) is driving a wave of litigation that could significantly impact businesses with consumer-facing websites. Hundreds of lawsuits have been filed recently alleging that businesses operating in California violated CIPA due to very common software and business practices found on their websites. Initially intended to regulate law enforcement’s use of “trap and trace” devices, plaintiffs now argue that CIPA’s outdated language applies to website tracking tools, such as cookies, pixels, and beacons.

Background on Trap and Trace Provisions

California’s Penal Code Section 638.51 prohibits installing or using a trap and trace device without a court order. A trap and trace device identifies the origin of incoming signals, similar to caller ID but more advanced. Originally, this provision applied only to law enforcement tracking incoming telephone numbers. However, plaintiffs now claim that common online tools also violate the statute by capturing information like IP addresses, geographic data, and browsing habits—data they argue is akin to “dialing, routing, addressing, or signaling information” regulated under CIPA.

The recent lawsuits target businesses across sectors, asserting that website visitor tracking constitutes illegal data collection. Plaintiffs argue that the law’s broad definitions of “trap and trace” devices include online tracking technologies, even though these provisions were designed decades ago with telephones, not the internet, in mind. Many businesses argue this a misapplication of an old law that has no proper application to the internet. Continue reading

by

Bob Braun was recently quoted in an article distributed by the National Institute of Standards and Technology (NIST), evaluating the organization’s recent publication of a three-part guide to securing guest and credit card data at hotels. “This publication analyzes and addresses the challenges common to almost all hotels in creating secure data systems,” he said. “Hotels would be well-advised to incorporate its recommendations in their information protection protocols.”

The guide, Securing Property Management Systems, uses commercially available technology to implement a range of data security strategies, including zero trust architecture, role-based authentication, and tokenization of credit card data. Hotels are attractive targets for attackers seeking sensitive guest or financial data; one industry report ranked the hospitality industry as the third-most frequently compromised, suffering 13% of all incidents in 2019.

Read the full article here.

All three parts of the guide are available as a downloadable PDF here.

by

LOS ANGELES—Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce that Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, has been recognized by the Daily Journal as one of California’s Top Cyber Lawyers.

As reported by the Daily Journal, his clients include companies that operate within large and complex data environments, particularly those with international operations and regulatory challenges.

In the Daily Journal’s profile, Gold said:

“Threats and exploits and hacks are existential problems for companies when they lead to lawsuits and regulatory investigations. Nobody takes this lightly, and part of my job is to help clients see a path forward.”

Read the full profile here.

Gold has been recognized as one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell, and was listed in the Daily Journal’s Top 20 Cyber – Artificial Intelligence Lawyers” in 2018. He is the co-publisher of the blog, Cybersecurity Lawyer Forum, a resource for lawyers, executives, boards of directors and IT professionals.

“Michael remains on the forefront of the dynamic cyber and technology issues that continue to impact businesses worldwide,” said Bruce Jeffer, JMBM’s managing partner. “He is a tremendous asset to our clients and to our firm.”