SHINING THE LIGHT ON CALIFORNIA S SHINE THE LIGHT LAW

Similar documents
CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C et. seq.

CHAPTER 172. C.56:11-28 Short title. 1. This act shall be known and may be cited as the "New Jersey Fair Credit Reporting Act."

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

CREDIT REPAIR SERVICES (California Civil Code et seq.; 15 U.S.C.A et seq.)

Secretary of the Senate. Chief Clerk of the Assembly. Private Secretary of the Governor

16 SB 158/AP. Senate Bill 158 By: Senators Burke of the 11th, Kirk of the 13th, Watson of the 1st, Hill of the 6th and McKoon of the 29th

Credit Repair Organizations Act

NEW YORK CITY FALSE CLAIMS ACT Administrative Code through *

CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC REGULATION OF CREDIT REPAIR ORGANIZATIONS.

LFN The New Jersey First Act Residency Requirements for Public Employees. October 21, 2011

Title IV of the Consumer Credit Protection Act (Public Law , 82 Stat. 164) is amended to read as follows:

(1) The term automatic telephone dialing system means equipment which has the capacity

REQUEST FOR PROPOSALS FOR FINANCIAL ADVISORY SERVICES

Case 3:06-cv MJR-DGW Document 526 Filed 07/20/15 Page 1 of 8 Page ID #13631 IN THE UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF ILLINOIS

RULES OF TENNESSEE REGULATORY AUTHORITY CHAPTER TELEPHONE SOLICITATION REGULATIONS - DO NOT CALL REGISTER

TITLE I REDUCTION OF ABUSIVE LITIGATION

California Senate Bill 474 Impact on Owners & Contractors

M E M O R A N D U M. The Policy provides for blackout periods during which you are prohibited from buying or selling Company securities.

GOVERNOR S OFFICE OF BUSINESS AND ECONOMIC DEVELOPMENT

UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No.:

Reverse Mortgage Specialist

CHAPTER 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS

Legislative Language

Case 3:14-cv AC Document 10 Filed 03/26/14 Page 1 of 14 Page ID#: 43

IX. FLORIDA CONSUMER COLLECTION PRACTICES ACT

SMALL CLAIMS RULES. (d) Record of Proceedings. A record shall be made of all small claims court proceedings.

CALIFORNIA FALSE CLAIMS ACT GOVERNMENT CODE SECTION

AN ACT IN THE COUNCIL OF THE DISTRICT OF COLUMBIA

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA

IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF WEST VIRGINIA PARKERSBURG DIVISION. v. CIVIL ACTION NO. 6:

47 USC 228. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see

Department, Board, Or Commission Author Bill Number

YOUR DUTIES UNDER THE FAIR CREDIT REPORTING ACT

JPMorgan Chase & Co. 1 Chase Manhattan Plaza, Floor 25 New York, NY Telephone: (212) Facsimile: (212) Jay.soloway@chase.

IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA

UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA

EOPTION ELECTRONIC ACCESS AND TRADING AGREEMENT

APPENDIX A that is not acceptable. Arbitration settled by arbitration arbitration shall be held in New Jersey substantive law of New Jersey

51ST LEGISLATURE - STATE OF NEW MEXICO - FIRST SESSION, 2013

CERTIFICATE OF FORMATION EXAMPLE

Important Information about Procedures for Opening a New Account

Be it enacted by the People of the State of Illinois,

TITLE III CROWDFUNDING

COLORADO INDEPENDENT ETHICS COMMISSION S TRIAL BRIEF

IN THE UNITED STATES DISTRICT COURT FOR NORTHERN DISTRICT OF TEXAS DALLAS DIVISION

Please read and execute the attached Los Angeles World Airports (LAWA) Non-Disclosure Agreement (NDA).

A GUIDE TO FILING FOR BANKRUPTCY PROTECTION UNDER CHAPTER 7 OF THE BANKRUPTCY CODE

GENERAL ASSEMBLY OF NORTH CAROLINA 1987 SESSION CHAPTER 310 SENATE BILL 310

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2015 H 1 HOUSE BILL 741. Short Title: Shift Workers' Bill of Rights. (Public)

Municipal Lobbying Ordinance

History: Add. 1971, Act 19, Imd. Eff. May 5, 1971; Am. 1976, Act 89, Imd. Eff. Apr. 17, 1976.

Chase Lincoln Realty & Property Management Company 7045 Summer Place Charlotte, NC Phone: , Fax:

1 Entity Account Owner Information (You must provide all requested information or the Account cannot be opened.)

BUSINESS ASSOCIATE AGREEMENT

Regular Session, ACT No To amend and reenact R.S. 9:3573.1, (A), (1), (8), (9) and (10), ,

ASSEMBLY BILL No. 597

Plaintiff Carol Parker ( Plaintiff ), residing at 32 Coleman Way, Jackson, NJ 08527, by her undersigned counsel, alleges the following upon personal

BUSINESS LAW SECTION

HP0868, LD 1187, item 1, 123rd Maine State Legislature An Act To Recoup Health Care Funds through the Maine False Claims Act

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ILLINOIS, EASTERN DIVISION

Errors and Omissions Insurance. 1.0 Introduction and Definition

FINAL JUDGMENT BY CONSENT

SEC Finalizes Investment Adviser Pay-to-Play Rules

Construction Defect Action Reform Act

AGREEMENT FOR FINANCIAL AND ACCOUNTING CONSULTATION SERVICES

Senate Bill No. 962 CHAPTER 517

PROFESSIONAL/CONSULTING SERVICES AGREEMENT

Case3:11-cv RS Document34 Filed07/28/11 Page1 of 8

SOLICITATION AGREEMENT

Liability of Volunteer Directors of Nonprofit Corporations (10/02)


STATE OF CALIFORNIA DEPARTMENT OF BUSINESS OVERSIGHT

No. Plaintiff Kelvin Bledsoe ( Plaintiff ), by his undersigned counsel, brings claims

Broward County False Claims Ordinance. (a) This article shall be known and may be cited as the Broward County False Claims Ordinance.

Defensive Strategies in False Marking Suits After Stauffer and Pequignot

SB 588. Employment: nonpayment of wages: Labor Commissioner: judgment enforcement.

Chief Clerk of the Assembly. Secretary of the Senate. Private Secretary of the Governor

LOUISIANA REVISED STATUTES TITLE 9. CIVIL CODE BOOK III OF THE DIFFERENT MODES OF ACQUIRING THE OWNERSHIP OF THINGS CODE TITLE VII SALE

Page 1417 TITLE 12 BANKS AND BANKING 2802

FOR PROPERTY LOSS AND DAMAGE 1

Case 2:14-cv CW-BCW Document 62 Filed 10/20/14 Page 1 of 6

CALIFORNIA LEMON LAW SUMMARY

ADDENDUM TO THE BLACKBERRY SOLUTION LICENSE AGREEMENT FOR BLACKBERRY BUSINESS CLOUD SERVICES FOR MICROSOFT OFFICE 365 ( the ADDENDUM )

Case 3:14-cv H-JMA Document 1 Filed 03/24/14 Page 1 of 11. UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF CALIFORNIA Case No.

Business Credit Consulting Agreement

MIAMI-DADE COUNTY SINGLE EXECUTION AFFIDAVIT AND DECLARATION FORM Rev. November, 2014

CONTENT LICENSE & PHOTOGRAPER REPRENTATION AGREEMENT

Transcription:

SHINING THE LIGHT ON CALIFORNIA S SHINE THE LIGHT LAW BY MICHAEL R. GEROE AND J. KEITH BIANCAMANO This article is a primer for legal counsel advising businesses in California that sell, market or communicate with customers over the Internet. In light of recent plaintiff activity, companies with customers in California could soon face class action suits seeking significant sums in statutory damages, attorney s fees and costs under California s Shine the Light law, 1 a part of California s Consumer Records Act. 2 The Shine the Light law, enacted Jan. 1, 2005, was designed to protect California consumers private information by requiring businesses to disclose certain types of customer information they have shared with third-party companies and the identities of those third-party companies. 3 Although the Shine the Light law has existed for several years, many businesses have failed to comply with the requirements set forth in the statute, sharing consumers personal information to third parties without making the requisite disclosure. 4 This behavior has been understandable, and even economically practical, as very few consumers have instituted a civil action to recover damages under the Shine the Light statute. This may be due, in part, to the fact that many consumers are unaware that companies regularly sell customer personal information to thirdparty businesses. 5

ACC Docket 65 September 2012

So, why should this littleknown and sparsely litigated provision be important to most businesses now? In recent months, there has been a dramatic spike in the number of civil actions brought pursuant to the Shine the Light law, with multiple class action claims filed weekly. 6 Further, statutory penalties could be large. Although the issue has not been heavily litigated, each plaintiff has the right to institute a civil action seeking $500 for each year (since the statute s enactment) that a company did not provide the plaintiff with the requisite statutory disclosure and, where such failure was willful, the penalty rises to $3,000 for each violation. 7 In addition, prevailing plaintiffs in any action commenced under the Shine the Light law are entitled to recover their reasonable attorney s fees and costs. 8 In a class action context, it is often these fees and costs that constitute the bulk of an award. Thus, companies that have failed to comply with the statute MICHAEL R. GEROE is senior vice president, general counsel and secretary of Adknowledge, Inc., a technology company that helps businesses advertise online. He can be contacted at mgeroe@adknowledge.com. J. KEITH BIANCAMANO is a partner in Gibson, Dunn & Crutcher s Corporate Department. Biancamano has extensive experience advising public and private companies in all industries, with particular expertise in the technology, internet and energy sectors. He can be contacted at kbiancamano@gibsondunn.com. The authors thank Marc Collier, an associate at Gibson, Dunn & Crutcher, for his time and assistance in preparing this article. This article does not represent a statement of the views or opinions of Adknowledge, Inc. or any of the clients of Gibson, Dunn & Crutcher, on the subject matter contained herein. could face class action suits demanding damages totaling millions of dollars. Fortunately, the statute is relatively easy to comply with, and companies may avoid liability under California s law if they follow the steps set forth below. Illuminating the details of the Shine the Light law Applicability: Which companies are subject to the Shine the Light law? The Shine the Light law applies to most for-profit and nonprofit businesses that know or have reason to know that personal information obtained from their customers will: (1) be disclosed to a third party, including those businesses affiliates; and (2) be used for direct marketing purposes by that third party. For a better sense of the statute s scope, some of its key terms are described below. Personal information: The requirements of the statute are only triggered if a company reveals its customers personal information, defined as any information that, when it was disclosed, identified, described or was able to be associated with an individual. Such information includes, but is not limited to, the customer s name, address, email address, date of birth, race, religion, medical condition, credit card number, debit card number and bank account. 9 Customer: This term refers to an individual (i.e., a natural person) who is a resident of California and provides personal information to a business at the creation of, or throughout the duration of, an established business relationship. 10 Established business relationship: This term is quite expansive and encompasses any relationship formed by a voluntary, two-way communication between a business and a customer, with or without an exchange of consideration, for the purpose of purchasing, renting or leasing real or personal property. 11 Third party: This term refers to: 1. a business that is a separate legal entity from the business that has an established business relationship with a customer; 2. a business not affiliated by a common ownership or corporate control with the business required to comply with the statute; or 3. a business that has access to a database of customers personal information that is shared among businesses, if that business is authorized to use the database for direct marketing purposes. 12 However, where personal information has been shared with an affiliated business that shares the same name brand as the company required to comply with the statute, only disclosures pertaining to a select few categories of information trigger the requirements of the statute. These information categories relate to information about the customer s children, including the age, gender, height, religion, weight, telephone number and email address of the customer s children. 13 Direct marketing purposes: The statute defines this term as the use of personal information to solicit or induce a purchase, rental, lease or exchange of products directly to individuals by means of the mail, telephone or email for their personal, family or household purposes. 14 If your company has made disclosures that would cause it to fall within the statute, it must comply with the Shine the Light law s requirements, unless it meets one of the exemptions discussed below. Exemptions: Which businesses (or activities) are exempt from the Shine the Light law? Although the reach of the Shine the Light law is expansive, certain acts and entities are exempt from its provisions. First, as discussed above, only disclosures related to certain types of personal information trigger the statute s requirements. Disclosures of personal information that do not trigger the statute include: 1. information disclosed for electronic storage purposes; 2. information used for maintaining or servicing business accounts; ACC Docket 66 September 2012

3. public information related to the right, title or interest in real property, where such information was not provided directly by the customer to the company during an established business relationship; 4. information disclosed to third parties for the joint offering of a product or service, if certain conditions apply; 5. information disclosed to a consumer reporting agency regarding a customer s payment history, provided the information will be used in, or used to generate, a consumer report (where the use of the information is limited by the federal Fair Credit Reporting Act, 15 U.S.C. Sec. 1681 et seq.); and 6. information disclosed to a financial institution solely for the purpose of obtaining payment for a transaction, even if the company knows that the third-party financial institution has used the personal information for its direct marketing purposes. 15 Second, businesses with fewer than 20 full-time or part-time employees, including employees located outside of California, are exempt from the Shine the Light law. 16 Third, financial institutions subject to the California Financial Information Privacy Act (Sec. 4050 et seq. of the California Financial Code) are not subject to the Shine the Light law, provided those financial institutions comply with certain sections of the California Financial Code. 17 Fourth, businesses may adopt an opt-in/opt-out policy where customers are given a choice as to whether they wish to permit company disclosure of their personal information. Adopting such a policy exempts the business from the specific disclosure requirements of the statute. What are the specific requirements of the Shine the Light law? The Shine the Light law requires a business to disclose, upon a customer s request (which a customer may make only once per calendar year), the following information: (1) the types of personal information the company shared with third parties for the third parties direct marketing purposes during the immediately preceding calendar year; and (2) the identities of the companies with which the company shared the information. 18 To effect the required disclosure, a company must designate a specific postal address, email address, or toll-free phone or fax number that customers may use to request the required information regarding disclosure of customers personal information to third parties in the preceding calendar year. 19 Further, each business must use one of the following methods to assist customers in finding the company s designated address for receiving customer requests: 1. Educate or train the company s agents and managers who have non-incidental customer contact to advise customers of the company s designated address for receiving customer requests; 20 2. Create a link on the home page of the company s website titled Your Privacy Rights or add the words Your Privacy Rights or Your California Privacy Rights to the home page s link to the company s privacy policy. Companies utilizing any of these options must meet the following requirements: (a) the first web page shown after clicking on the link must describe customers rights under the Shine the Light law, and (b) the page must set forth the company s designated address for receiving customer requests; 21 or 3. Make the designated method of receiving customer requests, or the means to find the company s designated address for receiving customer requests, available at every California place of business where the company or its agents have regular contact with customers. 22 Companies are not required or expected to use any particular method to assist customers in finding the designated address for receiving customer requests. Further, companies may, at their discretion, utilize all three methods. However, companies without a physical presence in California may only comply with the statute through (1) and (2) noted above. 23 This would apply, for example, to Internet-based companies lacking California brick-andmortar locations. 24 Companies that receive a customer request through their designated address must provide the information required by the statute within 30 days of receiving that request. Generally, if a company receives a customer request at an address other than the company s designated address, the company must respond to that request in a reasonable period, not exceeding 150 days from the date the company received the request. 25 However, if a company utilized option (2) above and added the words Your California Privacy Rights to the home page s link to the company s privacy policy, the company does not have to respond to requests received at addresses other than the company s designated address. How should companies comply with the law? Companies seeking to avoid liability under California s Shine the Light law should take one, or all, of the following steps: 1. Establish a designated mailing address, email address or toll-free number where interested customers may obtain the statutorily required ACC Docket 68 September 2012

ACC Extras on Consumer Data Protection ACC Docket Legal Considerations in Migrating to the Cloud (Dec. 2011). www.acc.com/docket/consider-cloud_dec11 A Balancing Act: Protecting Customer Interests and Privacy Online (Sept. 2010). www.acc.com/docket/priv-online_sep10 Protecting Your Customers: Solutions to New Privacy and Security Regulations (June 2010). www.acc.com/docket/p&s-reg_jun10 Quick Reference Data Privacy Survey (Sept. 2010). www.acc.com/quickref/data-survey_sep10 Leading Practices Profile Leading Practices in Privacy and Data Protection: What Companies Are Doing (Aug. 2010). www.acc.com/priv&dataprotect_aug10 ACC has more material on this subject on our website. Visit www.acc.com, where you can browse our resources by practice area or search by keyword. What are the consequences of failing to comply with the Shine the Light law? Covered companies that fail to provide their customers with the requisite disclosures mandated by the statute face civil penalties of $500 (or $3,000 if the violation of the statute is willful) in each instance a customer request was made and the company did not adequately respond, provided that there is a limit of one violation per customer per year. 28 Except as to willful violations of the statute, companies that did not provide all the information required by the statute, provided inaccurate information or did not meet the time requirements may, as a defense to a civil action, assert that they provided all the information (or accurate information, where applicable) to all customers who were provided incomplete (or inaccurate information, where applicable) within 90 days of the date the companies knew they failed to properly provide the information. 29 It is clear that any major liability arising from the statute would be the result of a class action suit. The scope of customers class action rights under the statute has not been thoroughly addressed by California courts. Injured customers may be able to bring class action suits, as no provisions of the Shine the Light law prohibit such action. An initial court ruling implies that class actions may be brought under the statute, provided the plaintiffs can prove standinformation (i.e., categories of personal information disclosed to third parties and identities of those third-party entities). Further, companies should direct customers to the designated address by: providing a link to the address on the company s home page; providing the information as to how to find the company s designated address at each of the company s brick-and-mortar California locations, if any, where its agents regularly have customer contact; or instructing all company agents who have direct contact with customers on how to direct customers to the company s designated address. 2. Adopt and disclose, in the company s privacy policy, (a) a policy of not disclosing personal information of customers to third parties unless the customer first affirmatively agrees to that disclosure, or (b) a policy of not disclosing the personal information of customers to third parties if the customer has exercised an option that prevents that information from being disclosed to third parties. Additionally, companies must direct their customers to such policy and allow the customers to exercise their right to opt in/out without cost. 26 3. If providing information to third parties for purposes other than direct marketing, companies should closely monitor the use of said personal information. As discussed above, the Shine the Light law permits the sharing of customer personal information with third parties for nonmarketing purposes. Companies that originally entered into agreements with third parties to share customer personal information in a permissible manner may unintentionally become subject to this law if those third parties use that information for direct marketing purposes. To prevent this, companies should closely monitor third-party use of any customer personal information they provide to third parties. They should consider including indemnity provisions in relevant agreements that would require the recipient of any such information to indemnify the company if the company is subject to liability under the statute, due to the manner in which the third party uses the disclosed information. Certain financial institutions subject to the Gramm- Leach Bliley Act may comply with the Shine the Light law by providing customers with disclosures of such financial institutions policies and practices, provided the disclosures comply with the Shine the Light law. 27 Discussion of this Act is beyond the scope of this article. ACC Docket 70 September 2012

ing by showing they have been injured by a violation of the statute. 30 However, the Shine the Light law only provides customers, California residents with an established business relationship with the company, the right to institute a civil action. Limiting the civil action right to California residents may: (1) preclude plaintiffs from obtaining class certification by requiring that each plaintiff prove California residency, likely an inherently individualized question requiring each plaintiff to show intent to remain domiciled in California for an indefinite period; 31 and (2) if the class is certified, reduce the potential size of any class. As only one court decision has been made, it is difficult to predict whether California courts will permit class actions under the statute and, more importantly, the ultimate potential liability companies could face. There are several filed class action claims pending, however, which may decide this issue. As information and data technology plays a greater role in business, the legal ramifications of its use will only grow and become that much more consequential to the everyday operations of companies. It is vital that businesses stay current with and fully aware of the rapid developments in this area of the law. Have a comment on this article? Visit ACC s blog at www.inhouseaccess.com/articles/acc-docket. NOTES 1 Cal. Civ. Code 1798.83. 2 Cal. Civ. Code 1798.80 et. seq. 3 Senator Liz Figueroa, California Senate, Judiciary Committee, SB 27 Senate Bill Analysis, California State Senate, 5 (Sept. 16, 2003), available at http://info.sen.ca.gov/pub/03-04/bill/sen/ sb_0001-0050/sb_27_cfa_20030916_115403_sen_comm.html. 4 Lauren Thomas & Chris Jay Hoofnagle, Exploring Information Sharing Through California s Shine the Light Law (Aug. 13, 2009) (unpublished thesis, Louisiana State University) (on file with author), available at http://ssrn.com/abstract=1448365; Chris Jay Hoofnagle & Jennifer King, Consumer Information Sharing: Where the Sun Still Don t Shine, (Dec. 17, 2007) (unpublished manuscript) (on file with author), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1137990. 5 Joseph Turow, Lauren Feldman & Kimberly Meltzer, Annenberg Pub. Policy Ctr. of the Univ. of Pa., Open to Exploitation: America s Shoppers Online and Offline (2005), available at http://repository.upenn.edu/asc_papers/35/. 6 According to Courthouse News, nine class action complaints brought pursuant to the Shine the Light law were filed between Dec. 22, 2011, and Jan. 27, 2012. 7 Cal. Civ. Code 1798.84(c). There have been very few cases litigated under the Shine the Light law, and it is unclear how courts will interpret the meaning of violation set forth in Cal. Civ. Code 1798.84. To date, plaintiffs have interpreted violation consistent with the description in the text above. See Class Action Complaint at 3, Baxter v. Rodale, Inc., No. CV 12-0585 (C.D. Cal. filed Jan. 23, 2012). However, an early ruling indicates that courts may interpret a violation of the statute to have occurred only when a customer has actually requested the company disclose its personal information and the company fails to do so in the statutorily allotted timeframe. See Boorstein v. Men s Journal LLC, No. 12-cv-00771-DSF-E, 2012 WL 2152815 (C.D. Cal. June 14, 2012). This latter interpretation would likely reduce the number of violations found under the statute and greatly reduce a company s potential liability. 8 Cal. Civ. Code 1798.84(g). 9 Cal. Civ. Code 1798.83(e)(7). 10 Cal. Civ. Code 1798.83(e)(1). 11 Cal. Civ. Code 1798.83(e)(5). 12 Cal. Civ. Code 1798.83(e)(8). 13 Cal. Civ. Code 1798.83(f). 14 Cal. Civ. Code 1798.83(e)(2). 15 See Cal. Civ. Code 1798.83(d). This provision is silent as to whether businesses are exempt from the Shine the Light law if they know or have reason to know that a financial institution will use customers personal information in the future. 16 Cal. Civ. Code 1798.83(c)(1). 17 Cal. Civ. Code 1798.83(h). 18 Cal. Civ. Code 1798.83(a)(1)-(2). 19 Cal. Civ. Code 1798.83(b)(1). 20 Cal. Civ. Code 1798.83(b)(1)(A) 21 Cal. Civ. Code 1798.83(b)(1)(B). 22 Cal. Civ. Code 1798.83(b)(1)(C). 23 Certain financial institutions subject to the Gramm-Leach Bliley Act may comply with the Shine the Light law by providing customers with disclosures mandated by 6803 of Title 15 of the United States Code, provided those disclosures comply with the Shine the Light law. 24 Internet companies are the most vulnerable, as it is easy for a litigious plaintiff s attorney to check a company s website for the presence (or lack thereof) of a link to the statutorily required address for customer requests. 25 Cal. Civ. Code 1798.83(b)(1)(B). 26 Cal. Civ. Code 1798.83(c)(2). 27 6803 of Title 15 of the United States Code. 28 It should be noted that this statute has not been heavily litigated and courts may ultimately hold that violation, as set forth in the statute, shall be construed in a manner differing from that described above. 29 Cal. Civ. Code 1798.84(d). 30 See Boorstein v. Men s Journal LLC, No. 12-cv-00771-DSF-E, 2012 WL 2152815 (C.D. Cal. June 14, 2012). 31 See Robert J. Herrington, Protecting Your Company from the Latest Threat Class Actions Under the California Shine the Light Law, Nat l L. Rev., Jan. 16, 2012, www.natlawreview. com/article/protecting-your-company-latest-threat-class-ac. ACC Docket 72 September 2012