Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA. These areas include...more
10/18/2019
/ Best Practices ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Opt-Outs ,
Personally Identifiable Information ,
Proposed Regulation ,
Recordkeeping Requirements ,
Regulatory Agenda ,
Right to Delete ,
State Attorneys General
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020. Now that the dust has...more
9/23/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his...more
California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”). Governor Brown recently signed into law two nearly identical bills,...more
10/4/2018
/ Acquisitions ,
California Consumer Privacy Act (CCPA) ,
Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Governor Brown ,
Manufacturers ,
Mergers ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses...more
6/29/2018
/ Consumer Protection Laws ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
More than ever before, biometric data, a term often used broadly to refer to metrics related to human characteristics, is being collected at a faster pace. Devices of all kinds are now able to able to track and store data...more
12/20/2017
/ Athletes ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Educational Institutions ,
FERPA ,
Fingerprints ,
NBA ,
NFL ,
Personally Identifiable Information ,
SOPIPA ,
Sports ,
Student Athletes
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
The Federal Trade Commission (FTC) clarified in recent guidance how the Children’s Online Privacy Protection Act (COPPA) applies to internet-connected device companies and other businesses that collect and use children’s...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching...more
The Internet of Things (“IoT”) can be thought of as a group of different devices that can communicate with each other, perhaps over a network such as the internet. We have written extensively about many of the privacy...more