“C” is Not Just for “Cookie” Anymore: CIPA, class actions, and steps to help reduce your company’s CIPA litigation risk

Felicity Slater | Hintze Law PLLC

Felicity Slater (CIPP/US) is an Associate at Hintze Law, an AI, privacy, and security law firm. Felicity has experience with global data protection issues, including data breach notification laws, privacy impact assessments, GDPR, and privacy statements. She was most recently a Policy Fellow at the Future of Privacy Forum, where she performed research and analysis of consumer privacy laws, bills, and regulatory activity on the FPF’s U.S. Legislation team.

Sam Castic | Hintze Law PLLC

Sam Castic is based in Seattle where he is a partner with Hintze Law, an AI, privacy, and security law firm. Sam regularly helps clients to establish, scale, and right-size privacy programs. Sam has more than fifteen years of experience as a privacy leader and lawyer. He previously worked as chief privacy officer for global fintech Blackhawk Network, and as head of privacy for Nordstrom.

Danielle Ocampo | Freeman Mathis & Gary LLP

Danielle A. Ocampo is an Attorney with the Data Security, Privacy & Technology practice group at Freeman Mathis & Gary LLP. Danielle’s practice consists of data privacy and data breach litigation as well as incident response. Danielle is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals (IAPP) and a member of the California Lawyers Association Privacy Section’s Publications Committee. She recently became an Executive Committee member of the Bar Association of San Francisco Cybersecurity and Privacy Law Section.

Throughout law school at Loyola Marymount University, Danielle interned in-house at Indeed.com and Intuitive Surgical, Inc. focusing on Data Privacy and Cybersecurity matters. Danielle’s first experience in-house was at Edwards Lifesciences as a Los Angeles Intellectual Property Law Association Diversity Fellow. Prior to law school, Danielle was a Business and Administrative Professional at Bayer’s agricultural tech arm The Climate Corporation. Before venturing into the Technology sector, Danielle was a Business Development Coordinator at the multinational law firm Paul Hastings LLP in the Bay Area where she advanced the business initiatives of the Employment Law practice and co-chaired the Asian affinity network for the Palo Alto office. Danielle joined Paul Hastings in 2017 as a Business Development Intern focused on client industry growth at the firm’s Los Angeles office. During this time, Danielle was also a full-time graduate student at the University of Southern California School of Public Policy where she earned her Master of Public Administration degree. Danielle graduated from the University of California Davis cum laude in 2016 with a B.A. double majoring in Political Science and International Relations with a minor in Managerial Economics.

Danielle is currently a member of the Filipino American Bar Association of Northern California. Additionally, since 2020, Danielle has committed herself to serving as Program Director for the National Federation of Filipino-American Associations’ (NaFFAA) Empowering Pilipino Youth through Collaboration (EPYC), a national youth leadership development program and NaFFAA’s strongest initiative. Danielle is passionate about building the pipeline of Filipino-American talent to increase visibility of Filipino-Americans in professional and community spaces, especially within the legal profession.

Session I – CIPA Compliance Strategies | 11:00am – 12:00pm

• Identifying common pitfalls and areas of risk for companies
• How cookies, pixels, and tracking technologies create CIPA risk
• Conducting a tracking technology practice review
• Configuring data tracking technologies transmit
• Implementing ongoing monitoring & governance
• The role of cookie banners
• Privacy notice updates
• Key vendor contracting considerations
• Making the most of consents and notifications
• UX considerations

Break | 12:00pm – 12:10pm

Session II – CIPA Litigation | 12:10pm – 1:10pm

• The California Invasion of Privacy Act (CIPA)
• Key Provisions of CIPA: what constitutes an invasion of privacy?
• Litigation risks of CIPA and related laws
  • Cases that can emerge unlawful use of person, data tracking, data breach class actions, pen registry/trap & trace, wiretapping, VPPA
  • Potential actual and statutory damages
• Dealing with CIPA demand letters and claims
  • Individual demand
  • Arbitration
  • Mass arbitration
  • Class action
  • Defenses
• Recent developments and case studies related to CIPA
  • Latest cases for data tracking