On April 3, at the International Association of Privacy Professionals’ global privacy conference, California Privacy Protection Agency (“CPPA”) Executive Director Ashkan Soltani gave remarks on his agency’s priorities with respect to rulemaking and administrative enforcement of the California Consumer Privacy Act (“CCPA”). Below we provide a few key takeaways:Continue Reading CPPA Executive Director Remarks on Policy and Enforcement Priorities
California Consumer Privacy Act
CPPA Releases Draft Rules on Cybersecurity Audits and Risk Assessments
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways:
Cybersecurity Audits
- New cybersecurity audit
California Privacy Protection Agency Staff Posts Draft Rules Implementing the CPRA
In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA). The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations. A copy of the proposed…
Inside Privacy Audiocast: Episode 4 – A Look into the ACLU of California’s Position on the CPRA
On our fourth episode of our Inside Privacy Audiocast, we are aiming our looking glass at the California Privacy Rights Act, and are joined by guest speaker Jacob Snow, Technology and Civil Liberties Attorney with the American Civil Liberties Union of Northern California.
In September 2019, Alastair Mactaggart, Board Chair and Founder of Californians for…
California AG Releases Draft CCPA Regulations: Round 3
In the latest development in the CCPA saga, the California Attorney General has further modified the draft regulations implementing the California Consumer Privacy Act (“CCPA”). His office’s website posted clean and redlined versions of the new regulations (the “March draft regulations”). Below, please find a summary of some of the most notable changes:
Continue Reading California AG Releases Draft CCPA Regulations: Round 3
California AG Releases New Draft CCPA Regulations
The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes:
- Service Providers. The modified draft restricts a service provider from processing the personal information it receives from a business except
…
State Privacy Trends to Watch in 2020
While all eyes are on California following the implementation of the California Consumer Privacy Act (“CCPA”) earlier this month and the start of enforcement later this year, other states are off to the privacy races already. On Monday, Washington State became the latest entrant with the introduction of a revised Washington Privacy Act.
From the proposals introduced so far this year in Washington, Virginia, New Hampshire, Illinois, and Nebraska, it is clear that states will continue to follow last year’s trend of varied approaches to state privacy legislation. While there are variations in state proposals, many of the bills seem to fall into three molds.
CCPA Copycats
The first category of proposals closely track the CCPA. Some of these bills, like last year’s Mississippi Consumer Privacy Act, are essentially identical to the CCPA or have minor changes. These bills may lack changes made by the September amendments to the CCPA. For example, the CCPA originally regulated as personal information all information “capable” of being associated with a consumer or household, whereas California’s definition is now tied to information “reasonably capable” of being associated with a consumer or household. The September amendments also eliminated limitations on the scope of publicly available information and added exceptions for employment or business-to-business related data. These differences were notable in the New Hampshire legislation recently introduced, which was otherwise in line with the CCPA.
Continue Reading State Privacy Trends to Watch in 2020
State Legislatures Are Off to the Privacy Races, With New Hampshire in the Lead
While some state legislators are still putting away their holiday decorations, New Hampshire legislators introduced new data privacy legislation, New Hampshire House Bill 1680. The legislation is similar to the California Consumer Privacy Act (which we’ve written extensively about before, including here and here). It grants consumers access, portability, transparency, non-discrimination, deletion, and opt-out-of-sale rights (or opt-into-sale rights for minor consumers) with respect to their personal information.
Notably, NH HB 1680 does not reflect several of the amendments which partially mitigated the constitutional and operational concerns raised by the CCPA. For example, it regulates as personal information all information “capable” of being associated with a consumer or household, whereas California’s definition is now tied to information “reasonably capable” of being associated with a consumer or household. The NH legislation retains limitations on the scope of publicly available information that is excluded from the definition of personal information. By way of other examples, NH HB 1680 does not provide exceptions for employment or business-to-business related data.
Continue Reading State Legislatures Are Off to the Privacy Races, With New Hampshire in the Lead
Four Federal Privacy Trends to Watch in 2020
Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts. State legislation will likely move forward in 2020. At the same time, however, companies should not lose sight of legislative proposals at the federal level, which have the potential to reshape the privacy landscape in the United States and even preempt state laws such as the CCPA. The question of whether a federal privacy bill can pass in 2020 remains an open one. But regardless of whether a bill will actually pass, the legislative proposals that are emerging this year likely will shape the contours of federal legislation that could move toward becoming law.
Although the issues of preemption and a private right of action dominated the federal privacy conversation last year, four legislative trends emerged in 2019 that also may become key components of a federal privacy framework:
Continue Reading Four Federal Privacy Trends to Watch in 2020
State Privacy Laws Have the Potential to Haunt Industry
With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020. But the rapid pace of privacy legal developments could continue next year. This past year, five states established studies or task forces to study privacy laws and report back to the legislature before their next session begins. Bills in Washington and Illinois passed one legislative chamber before failing, and their proponents have promised a renewed effort in 2020.
This is the first of a series of blog posts on what states other than California were considering to help you anticipate and prepare for 2020. In total, at least eighteen states considered comprehensive privacy bills this year. This initial blog post — on the heels of Halloween last week — focuses on some of those that are the scariest: bills in New York, Massachusetts, and Maryland.
Continue Reading State Privacy Laws Have the Potential to Haunt Industry