Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
On Tuesday, Texas Attorney General (AG) Ken Paxton announced the creation of a team dedicated solely to the prosecution and enforcement of Texas’ privacy laws. The team will focus on handling cases under at least seven...more
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more
12/13/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Oversight ,
State Attorneys General
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
10/20/2023
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Reporting Agencies ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Deletion ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
New Legislation ,
Notice of Proposed Rulemaking (NOPR) ,
Personal Data ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Regulatory Reform
Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it...more
10/16/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Agencies ,
State Attorneys General
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.
Originally published in Reuters -August 24, 2023...more
8/25/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight
On Oct. 17 and again on Nov. 3, the California Privacy Protection Agency, or CPPA, modified the text of the proposed regulations implementing the California Privacy Rights Act, or CPRA.
Originally published in Law360 on...more
The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics — including, among other things, definitions,...more
The California Privacy Rights Action (CPRA) will significantly impact how entities process personal information requiring covered businesses to review and update their existing vendor agreements. The CPRA also includes...more
On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create...more
On February 18, California lawmakers proposed two bills that further extend the existing employee and business-to-business (B2B) data exemptions included in the California Consumer Privacy Act and the California Privacy...more
Identifying data processing obligations is tricky, especially as overlapping privacy laws are enacted. Compliance will always hinge on understanding what laws jurisdictionally apply and a firm grasp of the data collected and...more
One key area where Virginia’s Consumer Data Protection Act (CDPA) differs from the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) is the law’s notice and disclosure...more
As we noted in Part One of this Series, which provides an introduction and overview of the Virginia Consumer Data Protection Act, most privacy laws – including those adopted in the United States – are built on the Fair...more
We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer...more
On October 12, less than a month before California will vote on a referendum that would significantly overhaul the California Consumer Privacy Act (CCPA), the California attorney general released a third set of Proposed...more
10/15/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
Public Comment
CCPA 2.0: A Refresher -
Just as the dust from the CCPA began to settle, on June 24, 2020, the California Secretary of State released a memorandum stating that the California Privacy Rights Act (the “CPRA”), also known as...more
On August 14, 2020, the final regulations for the California Consumer Privacy Act (CCPA) (available here) were approved by the California Office of Administrative Law (OAL) and are effective immediately. The CCPA has...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
8/11/2020
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Prior Express Consent ,
Social Media ,
State Attorneys General ,
Web Content Accessibility Guidelines (WCAG) ,
Website Owner Liability
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
7/29/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Use Policies ,
Enforcement Authority ,
Notice Requirements ,
Opt-Outs ,
Privacy Policy ,
Vendors
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
Enforcement of the California Consumer Privacy Act (CCPA) began July 1, 2020. Our privacy team at Troutman Pepper includes several attorneys who worked in an attorney general’s office. This privacy regulatory team has...more
7/17/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Sellers ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government