Earlier this month the California Privacy Protection Agency (CPPA) held its inaugural public meeting. The CPPA was created under Proposition 24, the California Privacy Rights Act (CPRA), which was approved by California voters on November 3, 2020.
Continue Reading California Privacy Protection Agency Holds First Meeting, Preparing for Upcoming Rulemaking
State Legislatures
Colorado Legislature Passes Comprehensive Consumer Privacy Bill
By Lindsey Tonsager, Jayne Ponder & Libbie Canter on
Colorado is poised to join the growing number of states enacting a comprehensive privacy law. On Monday, June 7, both houses of the legislature passed the Colorado Privacy Act. The bill will now be sent to the Governor for approval.
Continue Reading Colorado Legislature Passes Comprehensive Consumer Privacy Bill
Florida Legislature Considering Comprehensive Privacy Law
By Libbie Canter, Jayne Ponder & Olivia Vega on
Florida may be next state to join the growing number of states with a consumer privacy law, as both chambers of Florida’s legislature are currently considering comprehensive state privacy legislation. Both HB 969 and SB 1734 resemble the California Consumer Privacy Act (“CCPA”), though they contain some notable differences. Florida Governor Ron DeSantis expressed support of these measures, stating that these proposals “finally check these companies’ unfettered ability to profit off our data and ensure the protection of Floridians’ personal and private information.”
Continue Reading Florida Legislature Considering Comprehensive Privacy Law
Virginia Enacts Comprehensive Privacy Law
By Libbie Canter on
On March 2, Virginia Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA), becoming the second U.S. state to enact a comprehensive privacy law (Nevada has enacted an online privacy law, albeit with a narrower scope). As we have previously explained, the VCDPA follows the framework established by the Washington Privacy Act. We recently compared Virginia’s law against other key state privacy frameworks.
Continue Reading Virginia Enacts Comprehensive Privacy Law
Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
By Libbie Canter on
Posted in Data Privacy, State Legislatures
The Virginia Consumer Data Protection Act (HB 2307 / SB 1392), introduced in the House of Delegates on January 20, passed both houses of Virginia’s state legislature on February 5 with large bipartisan majorities. This comprehensive privacy bill, which would take effect on January 1, 2023, follows a similar framework as the current version of the Washington Privacy Act (“WPA”), though it differs from the WPA in important respects. We have included a high level summary of some of the bill’s provisions below.
The passage of nearly identical legislation by both chambers of the Virginia legislature positions the Virginia Consumer Data Protection Act to become the nation’s next comprehensive state privacy law. Lawmakers must reconcile the two bills before the end of the session on February 27, and, assuming a reconciled bill passes in both houses, it will be sent to Gov. Ralph Northam to sign into law or veto. If Gov. Northam takes no action, the reconciled bill would become law within seven days or, if there are fewer than seven days remaining in the General Assembly session, or if the General Assembly has adjourned, within thirty days.
Continue Reading Virginia Legislature Passes Comprehensive Privacy Law: The Virginia Consumer Data Protection Act
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
By Inside Privacy & Lindsey Tonsager on
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.” Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to eliminate perceived loopholes and clarify bill provisions.
This post highlights recurring issues from the public hearing.
Continue Reading Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization
Four Key Cyber Takeaways from The CPRA
By Lindsey Tonsager on
Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices.
Continue Reading Four Key Cyber Takeaways from The CPRA
California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations
Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.
Continue Reading California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations
Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act
Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect. As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right. It also establishes a new agency to enforce California privacy law. The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.
Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act
California Attorney General Releases New Proposed Modifications to California Consumer Privacy Act Regulations
On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations. Interested parties have until October 28 to file comments in response.
These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year. Most recently, on August 14, the California Office of Administrative Law (“OAL”) formally approved the AG’s initial set of CCPA regulations, which went into effect immediately. In approving the regulations, the OAL deleted five provisions that had been included in the version the AG submitted in June, but indicated that the AG could revise and resubmit those subsections for approval in the future. The latest modifications are largely focused on reviving several of these last-minute removals.
Continue Reading California Attorney General Releases New Proposed Modifications to California Consumer Privacy Act Regulations