Topic: CCPA

State of the Union: CCPA and Beyond in 2020

By Jeewon Kim Serrato (US) and Susan Ross (US) on January 13, 2020 Posted in CCPA

Data Protection Report - digital privacy, CCPA and cybersecurity

On New Year’s Day, you may have received emails from numerous companies saying their privacy policies have changed, or noticed a link at the bottom of many companies’ homepages stating “Do Not Sell My Info.” These are two of the more visible requirements of the California Consumer Protection Act (CCPA) and companies are still in … Continue reading

The Privacy Officers’ New Year’s Resolutions

By Marcus Evans (UK) and Janine Regan (UK) on January 6, 2020 Posted in CCPA, Compliance and risk management

Data Protection Report - Norton Rose Fulbright

1. Brace yourself (for export turbulence) 2020 could well be a year of data export turmoil – so brace yourself. The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems) whilst the General Court of the … Continue reading

Here We Go Again: Another Ballot Initiative for CCPA in 2020

By David Kessler (US) and Susan Ross (US) on December 2, 2019 Posted in CCPA

As companies get ready for the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, compliance is complicated because there are still several moving variables: Draft regulations have been proposed but may not be final until after January 1, 2020. The recent amendments to CCPA include two important exceptions (business-to-business (B2B) and the … Continue reading

California Governor signs all 5 CCPA amendments

By Jeewon Kim Serrato (US) and Susan Ross (US) on October 14, 2019 Posted in CCPA

Norton Rose Fulbright - Data Protection Report blog

On Friday, October 11, 2019, the California Governor signed all five of the California Consumer Privacy Act amendments that were awaiting his signature (AB 25, 874, 1146, 1355, and 1564) as well as an amendment to California’s data breach law (AB 1130). We had previously written about the impact on CCPA if all five amendments … Continue reading

Mic Drop: California AG releases long-awaited CCPA Rulemaking

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) and Max Kellogg (US) on October 11, 2019 Posted in CCPA, Compliance and risk management

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press … Continue reading

And then there were five: CCPA amendments pass legislature

By Jeewon Kim Serrato (US) and Susan Ross (US) on September 17, 2019 Posted in CCPA, Compliance and risk management, Enforcement

Executive Summary The wait is over: Only five CCPA amendments made it through the California legislature. The amendments are limited in scope, which means the CCPA will go into effect, largely intact, on January 1, 2020. The California legislative session for 2019 ended on September 13 and the following five amendments to the California Consumer … Continue reading

CCPA: “Wait and see” is not the right approach

By Chris Cwalina (US), David Kessler (US), Steve Roosa (US), Jeewon Kim Serrato (US) and Susan Ross (US) on August 29, 2019 Posted in CCPA, Compliance and risk management

We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links … Continue reading

One-Month Countdown to Pass CCPA Amendments Begins

By Jeewon Kim Serrato (US) and Susan Ross (US) on August 12, 2019 Posted in CCPA, Compliance and risk management, Enforcement

On August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline. As previously reported, any amendment … Continue reading

Back At The Negotiating Table: CCPA Amendments Debate Continues

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US) and Anna Rudawski (US) on July 16, 2019 Posted in CCPA

In a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”). Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill … Continue reading

“What’s cooking” in Sacramento: CCPA’s “employee exception” bill is amended; “publicly available information” exception is broadened, and consumer access rights are clarified

By Jeewon Kim Serrato (US) and Susan Ross (US) on July 3, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s eleventh blog post in a series of CCPA blog posts. Stay tuned for additional posts on the CCPA. As America prepares for the Fourth of July holiday weekend, the California legislature continues to work on amending the California Consumer Privacy Act (“CCPA”), as it races to get modifications passed … Continue reading

Nevada, New York and other states follow California’s CCPA

By Jeewon Kim Serrato (US) and Susan Ross (US) on June 6, 2019 Posted in CCPA, Compliance and risk management

The US privacy law landscape continues to shift and evolve as state and federal privacy legislative proposals continue to be debated and become enacted. While CCPA-like bills in Washington and Texas failed to pass, Nevada passed its online privacy amendment and proposals in New York and Washington, DC appear to be gaining momentum.… Continue reading

CCPA: “Attorney General Amendment” Likely Dead

By David Kessler (US), Spencer Persson (US), Steve Roosa (US), Jeewon Kim Serrato (US) and Susan Ross (US) on May 17, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the … Continue reading

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

By Jeewon Kim Serrato (US) and Daniel Rosenzweig (US) on February 27, 2019 Posted in CCPA, Compliance and risk management, Enforcement

This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and … Continue reading

Comments at CCPA public forum in Los Angeles highlight tensions between businesses and consumer rights groups

By Jeewon Kim Serrato (US) and Arleen Fernandez (US) on January 31, 2019 Posted in CCPA, Compliance and risk management

On January 25, 2019, the California Attorney General’s Office held a public forum in Los Angeles to solicit feedback on the California Consumer Privacy Act of 2018 (“CCPA”) as it prepares to draft regulations which must be adopted on or before July 1, 2020.… Continue reading

California Attorney General’s Office begins CCPA rulemaking process with first public hearing while Congress debates new federal privacy law

By Jeewon Kim Serrato (US) and Arleen Fernandez (US) on January 14, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s sixth post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. The California Consumer Privacy Act of 2018 (“CCPA”), California’s new privacy law which takes effect on January 1, 2020, requires the Attorney General to … Continue reading

CCPA extends “right to deletion” to California residents

By David Kessler (US) and Anna Rudawski (US) on September 27, 2018 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s fifth post in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional blogs and information about our upcoming webinar on the … Continue reading

California Consumer Privacy Act: Disclosure requirements

By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on September 11, 2018 Posted in CCPA

This is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. The California Consumer Privacy … Continue reading

California Consumer Privacy Act: GDPR-like definition of personal information

By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on August 27, 2018 Posted in CCPA

This is the Data Protection Report’s third blog post in a series of CCPA blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information. Stay tuned for additional blogs and information … Continue reading

California Consumer Privacy Act blog series: Covered entities

By Jeewon Kim Serrato (US), Steve Roosa (US) and Alexis Wilpon (US) on August 16, 2018 Posted in CCPA, Compliance and risk management, Regulatory response

This is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA. … Continue reading

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

By Spencer Persson (US), Jeewon Kim Serrato (US), Steve Roosa (US), Arleen Fernandez (US) and Anna Rudawski (US) on June 29, 2018 Posted in CCPA

This is a Data Protection Report post in a series of blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to give … Continue reading