& Compliance
Investigation
& Management
Mullen Coughlin LLC is a law firm uniquely dedicated exclusively to representing organizations facing data privacy events, information security incidents, and the need to address these risks before a crisis hits. Founded by John Mullen, Jennifer Coughlin, Jim Prendergast, and Chris DiIenno, our team of accessible and motivated attorneys have handled thousands of events and possess experience and talent in data breach response, regulatory investigation defense, pre-breach planning and compliance, and privacy and security litigation defense unmatched in the industry.
Yesterday afternoon, July 1, 2026, the California Assembly Committee on Privacy and Consumer Protection passed an amended version of Senate Bill 690, paving the way for significant CIPA reform upon passage of the bill into law later this year. The newly amended bill passed in committee is currently limited to addressing liability under California Penal Code Section 638.51, known as the pen register / trap and trace provision.
As amended, SB690 would restrict CIPA’s private right of action under California Penal Code Section 637.2 so that only the Attorney General could bring actions against persons or entities under Section 638.51 when based on “an internet website, online application, or mobile application.” On its effective date, SB690 will also apply retroactively to any pending claim brought under Section 638.51 filed within the prior two years.
As currently drafted, SB690 is set to become effective as of January 1, 2027, and would cover all pending claims under Section 638.51 filed on or after January 1, 2025.
A broad coalition appeared at the committee hearing to voice their support for SB690. Committee member comments at the hearing indicated that further amendments aimed at curbing other CIPA litigation being pursued by private persons may be considered and added to the bill before the August 31, 2026 deadline for the entire Assembly and Senate to pass SB690 through a floor vote. Further amendments may address claims brought under CIPA Section 631(a), known as the wiretapping provision. Following passage by floor vote, unless signed into law earlier or vetoed by Governor Gavin Newsom, SB690 will become law on September 30, 2026.
Key Takeaways:
– The amendment eliminates a private right of action under the pen register / trap and trace provision (Section 638.51).
– The amendment would retroactively apply to claims filed within the two years prior to the effective date. As currently drafted, the amendment would become effective January 1, 2027, and would retroactively apply to any claims filed on or after January 1, 2025.
– Legislative momentum and a recognition of need for further change appears strong, with broad support and indications that additional amendments—potentially addressing the wiretapping provision under Section 631(a)—may be introduced before final passage.
Businesses should continue to monitor developments closely and assess their risk exposure, particularly with respect to website tracking and communication technologies. For additional information, please contact Kevin Dolan () and Jim Monagle ().
Mullen Coughlin LLC continues its strategic growth by bolstering its international Incident Response (IR) practice with experienced attorney Ambre Cross as Partner in its London office.
“I am delighted to join Mullen Coughlin as a Partner. The Firm’s achievements in the UK cyber market to date, in terms of growth and reputation, are nothing short of remarkable. It is an incredibly exciting time for Mullen Coughlin, and I look forward to contributing to the Firm’s continued strategic growth in the UK,” said Ambre.
As Breach Counsel, Ambre is often called upon to advise on diverse and complex notification and regulatory obligations stemming from a wide range of data privacy and security incidents across the UK, EU, and other international jurisdictions. In addition to her IR practice, Ambre defends organizations in technical and diverse class action, single-plaintiff, and B2B litigation against claims relating to data privacy, protection, and security, as well as represents them in regulatory investigations. She routinely interacts, on behalf of her clients, with numerous UK-based regulatory agencies including the Information Commissioner’s Office (ICO), Financial Conduct Authority (FCA), the Solicitors Regulation Authority (SRA), and the Charity Commission.
Ambre is recognized by Legal 500 UK for her “knowledge and expertise” in highly-specialized areas of law, including cyber law, and she is often invited to speak at national and international conferences on cyber risk.
“I am thrilled to welcome Amber to the team,” said MC UK Managing Partner Cameron Carr. “I know the caliber of lawyer and colleague she is – she combines excellent judgment with a pragmatic, client-focused approach, and I am delighted that she has chosen to join us.”
“Ambre embodies the qualities that have fueled Mullen Coughlin’s growth from the very beginning – sound judgment based in unrivaled experience and an unwavering commitment to client service,” Mullen Coughlin Managing Member Jennifer A. Coughlin adds. “As the cyber landscape continues to evolve, the addition of talent like Ambre’s to our peerless team of skilled attorneys is essential to the Firm’s success. We welcome Ambre to the Firm.”
As part of the IRMI’s free webinar series, Mullen Coughlin Partner Carolyn Purwin Ryan joins Kirsten Mickelson from Gallagher Bassett on the webinar, “Cyber Liability Claims Trends,” on July 21.
Designed for insurance, IT, and other risk management professionals, this presentation provides attendees with valuable insights into today’s cyber risk landscape and the related financial, legal, and operational consequences of data privacy and security incidents. Carolyn provides the latest trends in cyber liability claims such as emerging threats and common vulnerabilities, and best practices to mitigate cyber risk, enhance cybersecurity resilience, and understand cyber insurance.
Learn more and register to attend here.