California Attorney General Becerra announced Friday afternoon that the Office of Administrative Law (OAL) had approved the final CCPA regulations his office submitted to the OAL in June, and that the review process is...more
As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era. Despite protestations from the business community, and requests for delay due to the lack of regulations until...more
7/1/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Information ,
Privacy Laws ,
State Attorneys General
Just as businesses are gearing up for the start of enforcement of the California Consumer Privacy Act (“CCPA”), California cleared the way for the California Privacy Rights Act (“CPRA”). The CPRA is an initiative imposing...more
Companies planning to conduct pandemic-related temperature checks for California employees and visitors to their premises should consider their compliance obligations under the California Consumer Privacy Act (“the CCPA”). If...more
Privacy risks of using big data in the fight against COVID-19 are significant, and have caught the attention of Republicans and Democrats alike.
Earlier this month we reported on a bill introduced on May 7 by Republican...more
Last month, we reported that the United States Senate, Committee on Commerce, Science, and Transportation, conducted a hearing on “Enlisting Big Data in the Fight Against Coronavirus.” Specifically, the Committee focused on...more
As of March 12, 2020, the proposed Washington Privacy Act has foundered on enforcement rocks. The Senate did not agree with the House’s amendment that would have included a broad private right of action. The Senate’s version...more
3/13/2020
/ Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Infectious Diseases ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes
The House Bill. The House is taking a different approach to drafting a federal privacy bill. On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for...more
1/30/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Cybersecurity Framework ,
Data Collection ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Privacy Laws ,
Reasonable Expectation of Privacy ,
Rulemaking Process ,
State Data Breach Notification Statutes
As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress. The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and...more
1/30/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Privacy Laws ,
Rulemaking Process ,
State Data Breach Notification Statutes
The short answer is “no”. The CCPA has a specific definition for “service provider” at Section 1798.140(v) – and it also requires a vendor to be bound by a written contract that prohibits it from...more
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of...more
12/23/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
DPPA ,
Fair Credit Reporting Act (FCRA) ,
GLBA Privacy ,
Personal Information ,
Private Right of Action ,
State Attorneys General
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices...more
10/30/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Employee Privacy Rights ,
Employer Liability Issues ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Right to Delete
The Court of Justice of the European Union (CJEU) – the European Union’s equivalent to the US Supreme Court – has issued a very important ruling with respect to cookie compliance that may require re-evaluation of your cookie...more
10/3/2019
/ Cookies ,
Data Collection ,
Data Processors ,
Data Protection Authority ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
Personal Data ,
Popular ,
Prior Express Consent ,
Social Media ,
Website Owner Liability ,
Websites
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020. Now that the dust has...more
9/23/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
They grow up so fast! A sentiment – and challenge – shared by parents and technologists alike. Just when you think you’ve finally figured it out, you blink, and they’re unrecognizable. The old rules can no longer be trusted...more
8/27/2019
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Website Owner Liability ,
Websites
The California Legislature has returned from its summer recess and got right to work on the pending amendments to the California Consumer Privacy Act (CCPA). The Legislature has 30 days from today to send any amendments to...more
Get ready: October 1, 2019 is the new date for many U.S. businesses to begin providing consumers the right to opt-out of the sale of their personal information. While January 1, 2020 was the date upon which many businesses...more
The Federal Trade Commission (“FTC”) has handed down its largest civil penalty ever for violations of the Children’s Online Privacy Protection Act (“COPPA”). Musical.ly, now known as TikTok after a 2018 merger, agreed to a...more
3/7/2019
/ Consent Decrees ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Settlement Agreements ,
Website Owner Liability ,
Websites
Leaving its fingerprints all over the privacy debate, the Illinois Supreme Court handed down a ruling that will significantly impact litigation under the state’s unique Biometric Information Privacy Act (“BIPA” or “Act”),...more
1/30/2019
/ Actual Injuries ,
Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Private Right of Action ,
Written Consent
Labor Day is passed, and the Privacy & Security Matters blog is back after a bit of a hiatus. The California State Legislature was busy up to the last day of the session working on privacy legislation.
Amendments to...more
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses...more
6/29/2018
/ Consumer Protection Laws ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of...more
5/9/2018
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Smart Devices ,
Website Owner Liability ,
Websites
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
2/13/2018
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
International Data Transfers ,
Life Sciences ,
Medical Records ,
Personal Data ,
Personally Identifiable Information ,
Third-Party Service Provider ,
US-EU Safe Harbor Framework
Has your company recently beefed up its employee identification and access security and added biometric identifiers, such as fingerprints, facial recognition, or retina scans? Have you implemented new timekeeping technology...more
11/6/2017
/ Attorney's Fees ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consent Agreements ,
Data Collection ,
Employer Liability Issues ,
Statutory Damages ,
Timekeeping ,
Wage and Hour ,
Written Consent
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber