As the year comes to a close, a reminder that the California Consumer Privacy Act requires companies to update their privacy policies annually. Consequently, as you get ready to spread the holiday cheer, make sure your privacy policy gets some attention as well.… Continue Reading
Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect. As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing … Continue Reading
On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations. Interested parties have until October 28 to file comments in response. These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year. Most recently, … Continue Reading
On September 1, the California legislature passed AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”). All provisions of the bill will take effect immediately to prevent the CCPA from “negatively impact[ing] certain health-related information and research,” except for the required contractual provisions described below. … Continue Reading
The California Attorney General (“AG”) has submitted his proposed final CCPA regulations to the California Office of Administrative Law (“OAL”). The proposed final rules substantively are the same as the draft rules released for public notice on March 11, which we summarized previously here. However, the AG’s responses to comments and Final Statements of Reasons … Continue Reading
The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes: Service Providers. The modified draft restricts a service provider from processing the personal information it receives from a business except … Continue Reading
While all eyes are on California following the implementation of the California Consumer Privacy Act (“CCPA”) earlier this month and the start of enforcement later this year, other states are off to the privacy races already. On Monday, Washington State became the latest entrant with the introduction of a revised Washington Privacy Act. From the … Continue Reading
Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts. State legislation will likely move forward in 2020. At the same time, however, companies should not lose sight of legislative … Continue Reading
As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs … Continue Reading
Last week, after months of negotiation and speculation, the California legislature passed bills amending the California Consumer Privacy Act (“CCPA”). This marked the last round of CCPA amendments before the legislature adjourned for the year—and before the CCPA takes effect on January 1, 2020. California Governor Gavin Newsom has until October 13 to sign the … Continue Reading
At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here). Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in her … Continue Reading
On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice. In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction … Continue Reading