After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now.
In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
5/13/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Comment Period ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Enforcement ,
Final Rules ,
Proposed Rules ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment
Key Takeaways -
- The California Privacy Protection Agency (CPPA) is substantially revising its draft privacy regulations.
- Definitions for automated decision-making technology (ADMT) and "significant decisions" are...more
4/14/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Data Privacy ,
Personal Information ,
Proposed Rules ,
Regulatory Reform ,
Risk Assessment ,
Rulemaking Process ,
Technology Sector
As we close out the first quarter of 2025, one thing is unmistakable: California’s regulatory efforts continue to center on data brokers.
So far this year, the California Privacy Protection Agency (CPPA) proposed...more
After much anticipation, on November 8, the California Privacy Protection Agency (CPPA) Board voted to advance proposed regulations for insurance, cybersecurity audits, risk assessments, and automated decision-making...more
11/27/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Data Protection ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
Rulemaking Process ,
Technology Sector
Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to...more
9/30/2024
/ Artificial Intelligence ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
FCC ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Popular ,
Regulation S-P ,
Regulatory Requirements ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
State and Local Government ,
State Data Breach Notification Statutes
On Friday, February 9, as the country collectively packed up and prepared to head home for Super Bowl weekend, the Third Appellate District of the California Appellate Court issued an Order granting the California Privacy...more
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to...more
10/10/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
FCC ,
Federal Breach Notification Standard ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Proposed Legislation ,
Regulatory Reform ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes
The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment...more
9/27/2023
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment
This Update is the third installment of the ongoing series covering Washington state’s new My Health My Data Act (the Act). Part 1 provided a high-level outline of the entities regulated under the Act and the corresponding...more
6/8/2023
/ Biometric Information ,
Genetic Materials ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Mental Health ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Small Business
As detailed in Part 1 of this ongoing series, Washington Governor Jay Inslee signed the state’s My Health My Data Act (the Act) into law on April 27, 2023. The Act is a first-of-its-kind law that creates new privacy...more
The Colorado attorney general’s office sent shockwaves throughout the privacy world on September 30, 2022, when it published its proposed Colorado Privacy Act (CPA) draft rules (Draft Rules). The Draft Rules are complex and...more
10/17/2022
/ Biometric Information ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Controller ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
Technology Sector
Cyberattacks continue to plague businesses, making the fallout of data breach notification and response as critical as ever. This year, like 2021, has been relatively quiet as it relates to state updates to breach...more
10/7/2022
/ Amended Rules ,
Biden Administration ,
Breach Notification Rule ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
E-Commerce ,
Internet Retailers ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
State and Local Government