This insight was initially published in 2022 and updated in August 2024. The Federal Trade Commission (FTC) has continued to ramp up its investigation and enforcement efforts to address unfair or deceptive acts or practices...more
Over 5,000 privacy professionals from around the world gathered in Washington, D.C. this month for the International Association of Privacy Professionals’ Global Privacy Summit 2024. The conference focused on debating the...more
On July 10, 2023, the European Commission formally approved the EU-U.S. Data Privacy Framework (“DPF"). You can view our brief video discussion about the DPF or read our initial update.
Companies that maintained their...more
The Federal Trade Commission (FTC) has continued to ramp up its investigation and enforcement efforts in 2022 to address unfair or deceptive acts or practices in the privacy, cybersecurity and consumer protection space. With...more
To help your company get its United States (U.S.) state privacy compliance program on the right track in 2022, Orrick's Cyber' Privacy & Data Innovation Group has analyzed the differences between key topics for the California...more
3/15/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws
The California Privacy Rights Act (CPRA) became law on December 16, 2020, and amended the California Consumer Privacy Act (CCPA). When the CPRA becomes fully operative on January 1, 2023, these important changes, among...more
Significant developments in artificial intelligence, cybersecurity and consumer privacy occurred across the globe in 2021 with the anticipation of more activity in 2022. Our roundup for the year captures some of the major...more
Across the United States (U.S.), 2021 was a busy year for legislative and regulatory-related consumer privacy developments. Our roundup captures some of the major updates that occurred in states throughout the year. We will...more
The Federal Trade Commission ("FTC") recently announced its intent to "vigorously" enforce its 2009 Health Breach Notification Rule (the "Rule") via a policy statement that sheds light on the Rule's scope. The policy...more
9/24/2021
/ Application Programming Interface (APIs) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Mobile Health Apps ,
Personally Identifiable Information ,
Popular
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
Colorado is the third U.S. state to enact comprehensive consumer data privacy legislation with the passage of the Colorado Privacy Act (CPA) on July 7, 2021. The CPA will go into effect July 1, 2023, joining the California...more
Following in the footsteps of the California Consumer Privacy Act (CCPA), the Commonwealth of Virginia has become the second U.S. state to enact comprehensive consumer data protection legislation. ...more
3/4/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
New Legislation ,
Personal Data ,
Regulatory Reform ,
State and Local Government
How can your business prepare for The California Privacy Rights Act (CPRA) ramp-up in 2021? The CPRA is scheduled to become effective in January 2023. Preparations will occur over the next two years, including establishing...more
On December 10, 2020, California Attorney General Xavier Becerra (California AG) released a fourth set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations that went into effect on August 14,...more
On August 14, 2020, the California Office of Administrative Law (“OAL”) approved the final implementing regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). This final and approved version of the CCPA...more
On February 7 and again on February 10, 2020, the California Attorney General Xavier Becerra released an updated draft of proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). The updated...more
2/14/2020
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Happy New Year! At long last, the California Consumer Privacy Act of 2018 (“CCPA”) went into effect yesterday, January 1, 2020. For those who have not yet heard, the CCPA establishes a comprehensive legal framework to govern...more
1/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
10/21/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
New Amendments ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes
On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of...more
10/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Public Comment ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
9/18/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
In 2018, the California legislature made headlines with its game-changing data protection law: the California Consumer Privacy Act of 2018. ...more
3/19/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
State and Local Government
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table -
The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more
8/24/2018
/ Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Orrick of counsel Emily Tabatabai, a founding member of our Cybersecurity & Data Privacy team, recently spoke with Law360 regarding cybersecurity and privacy predictions for 2018. Emily discussed the inherent privacy and...more
1/3/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Internet of Things ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
States were busy updating their data breach notification statutes in 2016. With 2016 in the rear view, let’s take a look back at the legislative changes that will impact corporate incident response processes and what those...more
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more