Posted in CCPA
On December 10, 2020, the California Attorney General proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations, in response to comments received regarding the October proposed modifications. (We had written about the October proposals here.)… Continue Reading
Posted in CCPA
The US elections on November 3, 2020 included three states with privacy-related ballot initiatives: California, Massachusetts, and Michigan. Voters supported all three initiatives.… Continue Reading
Posted in CCPA, Compliance and risk management
The California Attorney General has just issued some proposed revisions to the California Consumer Privacy Act (CCPA) regulations and our readers may be surprised by one of the proposed changes. You may recall that California’s Office of Administrative Law (OAL) had rejected some the proposed CCPA regulations during the summer, but accepted most of them. The accepted regulations became final on August 14, 2020.
The proposed regulatory changes from October 12 are available at www.oag.ca.gov/privacy/ccpa/current The proposed changes would affect four sections of the CCPA regulations, but the one most likely to affect our readers is this one:
Posted in CCPA
Although the bill to amend the California Consumer Privacy Act (CCPA) to extend the so-called “B-to-B” and “employee” exceptions for one more year has garnered many headlines, the California legislature passed a second CCPA amendment (AB 713) that will be of interest to anyone involved in medical research as the new bill would ease some CCPA restrictions on research. The changes pertaining to healthcare data are expected to pass and are clearly responsive to additional needs to share information and conduct research on potential treatments and vaccines for the ongoing COVID pandemic. The bill has been sent to … Continue Reading
Posted in CCPA
On February 7, 2020, and again on March 11, 2020, the Office of the Attorney General (OAG) issued revisions to the proposed California Consumer Privacy Act (CCPA) regulations, and there are some surprises in both the additions and in the deletions. For the CCPA regulations to become effective on July 1, the final regulation text must be filed with the Secretary of State by May 29.
Click here for the text of modified regulations. Our white paper with a summary of the changes is available for download here.… Continue Reading
Posted in CCPA
On New Year’s Day, you may have received emails from numerous companies saying their privacy policies have changed, or noticed a link at the bottom of many companies’ homepages stating “Do Not Sell My Info.” These are two of the more visible requirements of the California Consumer Protection Act (CCPA) and companies are still in the process of rolling out other requirements. For those of you that are in the EU or doing business with companies that offer products or services to EU residents, this might have felt like the movie “Groundhog Day.”
To understand the various approaches to CCPA … Continue Reading
Posted in CCPA, Compliance and risk management
2020 could well be a year of data export turmoil – so brace yourself.
The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).
The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post). Although the AG’s view was that the SCCs are valid, … Continue Reading
Posted in CCPAAs companies get ready for the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, compliance is complicated because there are still several moving variables:
Posted in CCPAOn Friday, October 11, 2019, the California Governor signed all five of the California Consumer Privacy Act amendments that were awaiting his signature (AB 25, 874, 1146, 1355, and 1564) as well as an amendment to California’s data breach law (AB 1130). We had previously written about the impact on CCPA if all five amendments went into effect here.… Continue Reading
Posted in CCPA, Compliance and risk managementOn October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA).
The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use of their personal information” and added, “It’s time we had control over the use of our personal data.”… Continue Reading
Posted in CCPA, Compliance and risk management, Enforcement
The wait is over: Only five CCPA amendments made it through the California legislature. The amendments are limited in scope, which means the CCPA will go into effect, largely intact, on January 1, 2020.
The California legislative session for 2019 ended on September 13 and the following five amendments to the California Consumer Privacy Act (CCPA) were passed: AB 25, 874, 1146, 1355, and 1564. They now move to the Governor’s desk, where he has 30 days to sign or veto them.… Continue Reading
Posted in CCPA, Compliance and risk management
We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable.
Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links below). Others point to the California Attorney General regulations that will be released in draft form in the next few months, which should provide some guidance to implementing CCPA.
Those statements are indeed accurate, as far as they go. However, they neglect the fact that … Continue Reading
Posted in CCPA, Compliance and risk management, EnforcementOn August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline. As previously reported, any amendment that passes from the Senate will likely need to go back to the Assembly since many of them have been marked up significantly by the Senate. Below is a summary of the seven amendments that are moving forward and what they mean for businesses who … Continue Reading
Posted in CCPA
In a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”).
Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill to remove the toll-free number requirement.… Continue Reading
Posted in CCPA, Compliance and risk managementThis is the Data Protection Report’s eleventh blog post in a series of CCPA blog posts. Stay tuned for additional posts on the CCPA.
As America prepares for the Fourth of July holiday weekend, the California legislature continues to work on amending the California Consumer Privacy Act (“CCPA”), as it races to get modifications passed through the state legislature before it adjourns for the 2019 calendar year. On June 28, one of those bills, AB 25, the “employee exception” bill was significantly amended by the Senate Judiciary Committee and appears to move forward, despite a recent political setback last month … Continue Reading
Posted in CCPA, Compliance and risk managementThe US privacy law landscape continues to shift and evolve as state and federal privacy legislative proposals continue to be debated and become enacted.
While CCPA-like bills in Washington and Texas failed to pass, Nevada passed its online privacy amendment and proposals in New York and Washington, DC appear to be gaining momentum.… Continue Reading
Posted in CCPA, Compliance and risk management
This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA.
On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the California Consumer Privacy Act (“CCPA”). The bill is being held in committee and under submission, which means the bill has been blocked and is likely dead.… Continue Reading
Posted in CCPA, Compliance and risk management, Enforcement
This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA.
With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and the US, several US states, and the US Congress are showing they mean business in terms of data privacy.
To help companies best protect consumer data and remediate enforcement risks, we provide below an overview of the following:
Posted in CCPA, Compliance and risk managementThis is the Data Protection Report’s seventh blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA.
On January 25, 2019, the California Attorney General’s Office held a public forum in Los Angeles to solicit feedback on the California Consumer Privacy Act of 2018 (“CCPA”) as it prepares to draft regulations which must be adopted on or before July 1, 2020. CCPA provides new rights to California consumers with respect to the collection and use of their personal information. The CCPA authorizes the Attorney … Continue Reading
Posted in CCPA, Compliance and risk managementThis is the Data Protection Report’s sixth post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts.
The California Consumer Privacy Act of 2018 (“CCPA”), California’s new privacy law which takes effect on January 1, 2020, requires the Attorney General to adopt implementing regulations that further the objectives of the CCPA. Much concern has been raised about the law as currently written, including by Attorney General Xavier Becerra himself. With regulations set to be issued on or before July 1, 2020, the Attorney General’s Office will … Continue Reading
Posted in CCPA, Compliance and risk management
This is the Data Protection Report’s fifth post in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.
Following Europe’s lead and some recent high profile scandals involving the use of personal information, California passed the California Consumer Privacy Act which goes into effect on January 1, 2020. (You can find our coverage of it here.) The law, the first of … Continue Reading
Posted in CCPAThis is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.
The California Consumer Privacy Act (the “CCPA” or “Act”) includes significant and new disclosure requirements for businesses that collect and or sell or disclose California residents’ personal information. Below we have outlined: (1) disclosures businesses must make in their privacy policy; (2) disclosures businesses must make upon receipt of … Continue Reading
Posted in CCPA
This is the Data Protection Report’s third blog post in a series of CCPA blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.
The California Consumer Privacy Act (“CCPA” or the “Act”) sets a new precedent with its sweeping definition of Personal Information (“PI”). The CCPA defines “[p]ersonal information” as any information that “identifies, relates to, describes, is capable of being … Continue Reading
This is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA.
California’s new privacy law, the California Consumer Privacy Act (CCPA) grants California residents extensive new privacy rights. One of the more significant aspects of the law however, is the number of business entities to which it applies. Companies around the world must comply with the … Continue Reading
