AI capabilities are growing by the day, and with them, so are increasing government efforts to put in place guardrails, principles, and rules to govern the AI space. In May alone, Utah’s Artificial Intelligence Policy Act...more
On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
The year ahead promises to be busy on the state privacy front. As we’ve covered on this blog, states are continuing to fill the gap at the federal level by implementing comprehensive state laws that guarantee consumer privacy...more
The Federal Trade Commission (FTC) announced a Notice of Proposed Rulemaking (NPRM) to amend the Children’s Online Privacy Protection Act Rule (COPPA Rule). The COPPA Rule applies to operators of websites and online services...more
The California Privacy Protection Agency (CPPA) and California Office of Attorney General (OAG) are publicly pressing ahead with enforcement now that they have the authority to enforce the California Consumer Privacy Act...more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
Indiana’s Consumer Data Protection Act advanced in the state legislature last week and now heads to Governor Eric J. Holcomb’s desk. The bill mirrors comprehensive privacy legislation enacted in Virginia, Utah, and Iowa,...more
On Wednesday, June 8, the California Privacy Protection Agency (CPPA) Board voted 4-0 (with one member absent) to initiate the CPRA rulemaking process based on the draft regulations released on May 27th prior to the Memorial...more
On Friday June 3, a bipartisan group of leaders from key House and Senate committees released a new “discussion draft” bill to establish nationwide standards for consumer privacy. The proposal (the American Data Privacy and...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
On Tuesday, Connecticut became the fifth state to pass comprehensive privacy legislation when Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” into law. Connecticut joins California,...more
In the first formal written opinion interpreting CCPA compliance obligations, California Attorney General Rob Bonta concludes that the CCPA grants consumers the right to know and access internally generated inferences that...more
In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs. The guidance...more
Last week, California’s Governor Gavin Newsom signed into law AB 694, which makes a few technical changes to the California Privacy Rights Act (CPRA). The relevant changes to the CPRA are summarized below....more
During last month’s California Privacy Protection Agency Board (CPPA) meeting, the only substantive agenda item, addressed in closed session, was a discussion of two key appointments: the first Executive Director and a Chief...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On September 22, the California Privacy Protection Agency (CPPA) issued an invitation for public comments as part of its first “preliminary” rulemaking activities. Established by the California Privacy Rights Act (CPRA)...more
The California Office of the Attorney General has published a list of recent CCPA enforcement examples on its website. Each example summarizes the AG’s allegation of noncompliance and the steps that the companies took to...more
Last year’s voter guide to California Proposition 24, the California Privacy Rights Act (CPRA), included a stark argument against enacting the privacy ballot initiative because it did not go far enough to protect employee...more
6/21/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Hiring & Firing ,
Job Applicants ,
Personal Information ,
Popular
Just a few months after California officials announced the nominations of the inaugural Board members of the California Privacy Protection Agency (“CalPPA”), the CalPPA released the agenda for its first board meeting on June...more
The California Privacy Rights Act (CPRA), effective January 1, 2023, adds “contractors” to the list of entities that a business may entrust with customer data. So what is a “contractor?” And how are “contractors” different...more
Prior to the September 30 deadline to sign or veto legislation, California Governor Gavin Newsom recently took action on three bills related to data privacy. Bringing some potential certainty to the dynamic CCPA landscape,...more
On June 2, California Attorney General Xavier Becerra announced that he had submitted final CCPA regulations to the Office of Administrative Law (OAL) for review. The final regulations are substantively identical to the...more
6/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
State Attorneys General
The California Consumer Privacy Act (CCPA) provides consumers with a right to non-discrimination when they exercise other privacy rights guaranteed by the law, such as the right to access, delete, or opt out of the sale of...more
The CCPA grants the California Attorney General (AG) the authority to enforce the CCPA starting on July 1, 2020. Last month, the AG confirmed no intention to delay that enforcement date due to the COVID-19 pandemic, despite...more