Tag Archives: CCPA

California Attorney General Releases New Proposed Modifications to California Consumer Privacy Act Regulations

On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations.  Interested parties have until October 28 to file comments in response. These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year.  Most recently, … Continue Reading

California Legislature Adopts CCPA Exemption for Information Deidentified in Accordance with the HIPAA Privacy Rule

On September 1, the California legislature passed AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”).  All provisions of the bill will take effect immediately to prevent the CCPA from “negatively impact[ing] certain health-related information and research,” except for the required contractual provisions described below. … Continue Reading

CCPA Update: Final Rulemaking Package Submitted to OAL

The California Attorney General (“AG”) has submitted his proposed final CCPA regulations to the California Office of Administrative Law (“OAL”). The proposed final rules substantively are the same as the draft rules released for public notice on March 11, which we summarized previously here.   However, the AG’s responses to comments and Final Statements of Reasons … Continue Reading

California AG Releases New Draft CCPA Regulations

The California Attorney General has released both clean and redlined versions of proposed modifications to the draft implementing regulations for the California Consumer Privacy Act (“CCPA”). Below is a high-level overview of some key changes: Service Providers. The modified draft restricts a service provider from processing the personal information it receives from a business except … Continue Reading

State Privacy Trends to Watch in 2020

While all eyes are on California following the implementation of the California Consumer Privacy Act (“CCPA”) earlier this month and the start of enforcement later this year, other states are off to the privacy races already.  On Monday, Washington State became the latest entrant with the introduction of a revised Washington Privacy Act. From the … Continue Reading

Four Federal Privacy Trends to Watch in 2020

Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts.  State legislation will likely move forward in 2020.  At the same time, however, companies should not lose sight of legislative … Continue Reading

IAPP: ‘Sale’ Under CCPA May Not Be as Scary as You Think

As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs … Continue Reading

California Legislature Passes CCPA Amendments and Privacy Bills

Last week, after months of negotiation and speculation, the California legislature passed bills amending the California Consumer Privacy Act (“CCPA”).  This marked the last round of CCPA amendments before the legislature adjourned for the year—and before the CCPA takes effect on January 1, 2020.  California Governor Gavin Newsom has until October 13 to sign the … Continue Reading

New Research Exposes Perils of Bogus Access Requests Under GDPR, With Implications for CCPA

At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here).  Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in her … Continue Reading

Nevada’s New Consumer Privacy Law Departs Significantly From The California CCPA

On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice.  In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction … Continue Reading
LexBlog