Litigants traditionally look to the rules of civil procedure in order to get discovery in a litigation. Plaintiff’s attorneys have, however, begun to try to circumvent restrictions within the discovery rules that are designed to limit the number, type, and timing of information requests, by sending out “access requests” on behalf of their clients under the California Consumer Privacy Act (CCPA).
Nothing within the legislative history of the CCPA suggests that it was intended to replace or supplant the discovery process set forth in the Federal Rules of Civil Procedure and in the California Code of Civil Procedure. Furthermore, one interpretation might be that forcing a civil litigant to disclose personal information outside of judicially proscribed and monitored discovery processes could improperly “restrict a business’ ability to . . . [e]xercise or defend legal claims” and, thus, would exceed the scope of the CCPA.[1]
The Office of the California Attorney General was asked to confirm that access requests could not be used in lieu of discovery in litigation. The Attorney General chose to respond that there is no explicit “exception allowing businesses to refuse to respond to a verifiable request by a consumer for that consumer’s personal information while litigation is pending or allowing the business to deny a consumer request on the basis that the business suspects the request was made in lieu of discovery.”[2] Ultimately California courts will have to determine whether access requests can be utilized as a means of bypassing traditional discovery procedures.
[1] Cal. Civ. Code 1798.145(a)(5).
[2] FSOR Appendix A at 306 (Response 911).