US Law (local/state/federal)
johnsoncountypost.com
The Lenexa City Council has approved a special permit for a proposed in-home daycare business over the objections of a homeowners association whose bylaws stipulate against it. On Tuesday, the city council voted 5-2 to approve a special use permit for The Learning Playhouse, 8115 Acuff Ln., an in-home daycare that plans to at least temporarily serve up to 12 children. Councilmembers Bill Nicks and Mark Charlton voted in dissent. Councllmember Joe Karlin was absent. The homeowner’s request to open a daycare in her house prompted a vocal protest from the Oak Hill Homes Association, the bylaws for which don’t allow for a business to be run out of a home. Why did the council need to weigh in? The Learning Playhouse is owned by Megan Todd, the applicant and owner of the home out of which the daycare will operate. Todd says her hours will be 7:30 a.m. to 4 p.m., Monday through Friday. Pick-ups and drop-offs would be staggered to avoid congestion in the neighborhood, according to city documents. A home is allowed to operate a daycare center for up to six children without needing a special use permit or city council approval, Stephanie Sullivan, planning manager for Lenexa’s Community Development department, said. It would just need a business permit and state license. Todd has a degree and experience in early childhood education. She told the city council her home has been approved by the Kansas Department of Health and Environment to host a daycare and that she has also gotten requisite approvals from city and state fire marshals. But because Todd planned to serve up to 12 children, she also needed to obtain a special use permit from the city. The owner says the home location will be temporary Speaking before the city council this week, Todd said her daycare business is only expected to be there until she finds a more permanent place to operate. “Granting this permit would allow us to save money and attain our goal of moving into a commercial setting and operate as a small child care center rather than an in-home (center),” she said. “Although dependent on factors of location and affordability, we would like to be operating in a commercially zoned location by next school year.” Todd acknowledged her proposed daycare goes against the HOA’s bylaws, but she said that would be her issue to address with her neighborhood, not the city council’s. “Any repercussions from the HOA or neighbors would be my responsibility to rectify and not the city’s,” Todd said. “This special use permit granted in a temporary capacity will allow me to earn a respectable living for my family while providing a reliable and necessary service to a few of our Lenexa families.” HOA pushes back on daycare plan Highlighting the HOA’s rules against running a business out of someone’s home, Steve Chernoff, President of the Oak Hill Homes Association, made his case to the council to deny the permit. He said he had contacted more than 50 HOAs in Lenexa representing some 10,000 homeowners, all of which gave him “unanimous support” in Oak Hill’s opposition to the plan. He added that other HOA leaders were watching to see what the city would do with this proposal. “They are a little upset that Lenexa would proceed with foresight and disregard reasonable and legally valid deed restrictions,” he said.” They don’t understand how the city of Lenexa, which has benefited greatly by the existence of these HOAs, would disregard their restrictions.” Even if the city council granted the special use permit, Chernoff said that does not mean the HOA would not continue to protest the business being run out of the home. “The applicant is under the impression that approval tonight gives her the final okay to have the business and it trumps the HOA deed restrictions,” he said. “Why would the city of Lenexa allow this to proceed, knowing that the deed restriction in this case is enforceable and require the Oak Hill HOA to spend considerable amount of money in legal proceedings?” City Council said it doesn’t enforce HOA rules While the city recognizes the HOA has rules and restrictions, city council and staff are not in charge of enforcing them, Sean McLaughlin, Lenexa’s city attorney, said. “These are private restrictions,” he said. “We do not interpret, follow and enforce those.” He added, speaking to the city council: “Your role tonight is simply looking at the zoning and looking at what is allowed with this [special use permit].” In the city’s zoning code for single-family residential neighborhoods, Sullivan said, other allowable uses without a special us permit include places of worship, daycare centers with six children or fewer, group homes, public parks and golf courses. A special use permit is required for things such as a cemetery, a daycare center with more than six children, large wireless cellular systems, schools, utilities, public safety and commercial uses of residential property. “I do want to point out, too, in this case, the primary use is still residential,” Sullivan said. “In this case, the homeowner … that’s still living in that house, that’s their primary use of the house. It’s just [the business] would be supplementary.” Two councilmembers voted to deny permit As the council voiced their thoughts on the project, two cast a critical eye to the project. The addition of a daycare center in a residential area would change the character of the neighborhood, Nicks said. Charlton expressed mixed feelings but ultimately voted to deny the special use permit because of the traffic it could bring to the area and the potential dangers it could pose, with the house being on a curve in the road, as well as the driveway having a noticeable incline. “I understand the safety factor that the neighborhood brought up,” he said. “I noticed that right away, when I drove by the incline of the driveway. I don’t think if I was dropping off my kids, that I’d probably would be driving up the driveway.” The city council approves the permit Ultimately, the city council approved the permit, with some councilmembers pointing at that the plan was brought before the council merely because of the number of children. “Had the applicant stayed at six (children) and under, this would not be before us,” Councilmember Chelsea Williamson said. “The city recommending approval of this application with a three-year limit on it, I think allows city staff to monitor it.” There is a need for child care in the area and this business helps address it, Councilmember Courtney Eiterich said. “I know that daycare is really hard to find and is much needed, and given that the owners have stipulated that this is temporary — or hopefully temporary — that this could be mitigated a little differently,” she said. “I do not believe that it is our responsibility to navigate the HOA recommendations, and so I will be supporting this.” What’s next Officials with the Oak Hills Home Association say they are exploring their options, including potentially levying fines against Todd, placing a lien on the house if the fines aren’t paid and restricting her access to the neighborhood pool. “No one really wants to get involved with things like this, where people are knowingly violating deed restrictions that they agreed to,” Chernoff told the Johnson County Post. “We have a seven member board, and no one is real happy about having to deal with this.” Todd could not be reached for additional comment for this story.
wdwnt.com
This is crazy. Disney is claiming that a wrongful death lawsuit cannot go forward (paraphrasing): “sorry, your husband signed up to a Disney+ trial a couple of years ago, hence they accepted T&Cs that clearly stated that any dispute about our products should go through arbitration rather than through courts”. Even if a consumer carefully reads the terms and conditions, how could they reasonably expect the ToS for a video game would affect the terms they are under at a Disney restaurant? That’s fucking nuts. Future parents: “sorry kids, you cannot play that video game because there is an arbitration clause and one day you might want to visit Disney’s amusement parks.” I’ve boycotted Disney for over a decade because of how conservative the corp is and how right-wing extremist they are with politics. IIRC Disney financed the campaign of a politician looking to eliminate background checks on firearms. Indeed, the company who entertains kids is happy to fight against basic gun control. So when Disney pulls a dick move like this arbitration clause it just reinforces the idea that boycotting Disney is the right move. (edit) wow the ups and downs of the votes are interesting. ATM 9 up & 9 down. Can’t help but wonder who are these anti-human people who are happy to lick the corporate boots of Disney.. capitalist fanatics disappointed that people would object to arbitration clauses perversely applied so broadly? I have to wonder if loyal Disney employees are following this thread.
Is there any kind of legal standard of liability when a victim of a data breach suffers from someone exploiting their data? If you are only breached once, obviously it’s easy to point the finger to whoever leaked your data. But I’ve been hit 3 times now. So all those shitty corps who sloppily handled my data can point the finger to each other. Would a court say the most recent sloppy custodian is responsible if my data is used against me? Or would it be the most reckless custodian? Or would it be equal blame? Or does everyone get off the hook when a victim cannot prove which leak leads to an exploit? It’s a hypothetical question. Not saying my data was exploited after the breaches, but I wonder about the overall trend. What I’m getting at is there may be little incentive to actually invest in good data security because when a breach happens amid so many other breaches there is perhaps a diffusion responsibility.
A company I have no business relationship with sent me a breach notice stating that criminals got my data. This company is a supplier to many banks, brokerages, insurance companies, etc. Obviously I want to know which of my banks or insurance companies I am doing business with trusted them with my data. I called and asked. They refused to tell me. But they have made it deliberately complicated. The phone number they gave to breach victims is for a 3rd party call center who knows nothing. So the call center says “we don’t have that info”. Question: do financial/analytics orgs (or whatever the fuck they are) have a legal obligation to provide data breach victims with the SOURCE of the info? Do they have to tell me which of my banks (or whatever) hired them to be a custodian of my data? What rights to data breach victims have? (more background: https://links.hackliberty.org/post/2667522) (update) Thanks for all the useful feedback folks! I guess the question that remains is whether there are any federal laws that require the disclosure I am after. I looked up the law for my state [here](https://web.archive.org/web/20240927000141/https://www.ncsl.org/technology-and-communication/security-breach-notification-laws) and found no law entitling breach victims to be informed of the source of their personal data. It would help to know the law because the AG, CFPB, and FTC will be limited to the law themselves.
The FCRA requires credit bureaus to disclose to consumers the identity of the sources of information in your credit file. Yet if you look at your credit report from any of the 3 major giants (TRU, EFX, EXPN), they list out all addresses, phone numbers, and email addresses with no indication of who fed them that info. If you request that info, they ignore or refuse. The penalty for FCRA violations in that section is $1k. So you might think: “how cool is that? I can simply sue all three credit bureaus for $1k each”. It should work like that, but doesn’t. IIRC, it was a lawyer for a credit bureau who told me in so many words: case law shows that you must incur damages in this particular case. So if you can prove damages, then you can claim $1k (even if the actual damages are $1). But how do you even prove $1 in damages? I have some ideas but generally this is such an uphill battle that credit bureaus can simply bluntly ignore the law. Which is what they do. It’s a good demonstration of how US corporations will plainly break laws that are unenforceable.
According to 15 U.S.C. 7704 §5(a)(5): > INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL.— > > (A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides— > > (i) clear and conspicuous identification that the message is an advertisement or solicitation; > (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and > (iii) a valid physical postal address of the sender. When my text-based mail client receives an HTML-only email message, it tries to render the HTML as text. It’s sometimes a jumbled up unreadable heap of garbage because the HTML is malformed and relies on a forgiving/tolerant rendering engine. Even when the HTML is well formed, hyperlinks are not exposed in the text rendered. E.g. a msg will say “to unsubscribe and stop receiving emails, update preferences here.” Where is “here”? That is just raw text to me. Sure, an advanced user can do a number of things to dig up that link. But I doubt that would pass the legal standard of “clear and conspicuous”. Anyone have confidence either way whether HTML-only spam is legally actionable on this basis? (update) I should mention the most annoying offenders-- corporate senders (e.g. banks) that attach a plaintext MIME part, but then the motherfuckers use it to just say (in so many words) “You need to update your software”. This makes it extra difficult to see the content of the message because the text mail client of course shows the text MIME part by default.
Some banks have started demanding proof of address when they realize that the address they have on file is “commercial”, e.g. like a UPS Store PMB type of address. How would this play out in court? The law¹ states: > “(i) Customer information required—(A) In general. The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (b)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum,the following information from the customer prior to opening an account: > 1. Name; > 1. Date of birth, for an individual; > 1. Address, which shall be: > (i) For an individual, a residential or **business street address**; > (ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or … > 1. Identification number, which shall be: … (emphasis mine) Banks seem to be over-reacting to law that is more lenient than what banks are interpreting. Not only are business addresses allowed, but a bank customer can even supply someone else’s address. The law also seems to distinguish between old customers and new. Yet out of the blue banks are harrassing customers who have had an account for years. They have a gov-issued ID doc and SSN, yet suddenly the banks get anal and persnickety about the address to the extreme of freezing people’s accounts as databases grow (DBs that track the zoning an address is in). Has this been challenged in court? It’s clear from the linked thread that customers either dance for the banks or get their accounts frozen. It could be hard to challenge in court since banks can demand whatever info they want even if not required by law. But if they suddenly close an account that has been established, that could cause damages to the customer. One interpretation is that legislators intended the business address to be that of the customer’s workplace. But the law does not seem to specify that. ¹ 31 C.F.R. § 103.121
Some tax forms ask information that seems to have no effect on the bottom line. No matter how you answer the question, your tax bill is the same either way. In Europe, this sort of thing would violate the data minimization principle of the GDPR. So the question is, what happens to people who either leave the intrusive fields blank, or they give bogus info? I’ve heard that tax penalties are generally `a constant` × `the amount of underpayment`. If underpayment is zero then so is the penalty, correct?
My credit union has been spamming me for years. As the volume of their bulk junk mail increases, I’m looking for a way out. Their email is HTML-only. So my text mail client only renders the raw text “To unsubscribe and stop receiving emails click here”. And “here” is obviously just text because it’s a text terminal. Is that legal? Suppose it is. So I dissect the HTML and fish out the link from a heap of garbage. The link does not go to the credit union’s website (if it did, that would be a non-starter anyway because I canceled my web account when they started blocking Tor). The link goes to a 3rd party site which also blocks Tor. So apparently as a precondition to opting out of spam I must share my personal IP address with a 3rd party agent of spam. Perhaps I can play whack-a-mole with a series of VPNs but I’m not interested. I just want to know if the opt-out procedure can legally be exclusive in this way. Can a legal challenge be mounted that forces them to provide an opt-out mechanism that’s inclusive? The legal text is this: > (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; I don’t know the legal meaning of “clear and conspicuous”, so I’m not sure if nesting it in HTML satisfies that requirement. But it’s strange that they must merely give notice of the ***opportunity*** to opt-out, apparently without actually giving the opportunity to opt-out (just notice thereof IIUC).