LinkedIn Corp. must face three related lawsuits alleging it collected the sensitive information of visitors to several health-related websites without their consent in violation of California privacy laws. The individual plaintiffs in two of the proposed class actions adequately pleaded claims of invasion of privacy under the California Constitution and violations of section 632 of the California Invasion of Privacy Act, Judge Edward J. Davila of the US District Court for the Northern District of California said Oct. 10.
What's Changed Under SB 446 Previously, California law required businesses to notify affected individuals of data breaches "without unreasonable delay." Under SB 446, businesses must notify affected individuals within 30 calendar days of discovering or being notified of a data breach. However, the law includes some flexibility to accommodate the practical realities of incident response. Specifically, businesses may delay notification when necessary for legitimate law enforcement purposes or to determine the full scope of the breach and restore the integrity of data systems.
