Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
Danielle Ocampo, a member of the CLA’s Law Section, interviewed Steve Millendorf (Partner, San Diego) to gain a deeper understanding of how California is approaching and implementing the EU AI Act.
How do the principles...more
On January 29 the California legislature introduced the California Children’s Data Privacy Act (AB 1949) in what appears to be the first bill proposed to amend the California Consumer Privacy Act (CCPA) since passage of...more
As the California Privacy Rights Act (CPRA) comes into effect on January 1, 2023, the temporary and partial exceptions for employment and business-to-business information will expire, making California the first and only...more
On August 24, 2022, California Attorney General Rob Bonta announced a settlement with Sephora, Inc. that included a fine of $1.2 million for alleged violations of the California Consumer Privacy Act (CCPA). The settlement is...more
8/26/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Customer-Loyalty Programs ,
Data Collection ,
Data Sellers ,
Do Not Sell ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
State Attorneys General
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
On May 4, 2022, the Connecticut legislature passed S.B. 6 entitled the “Connecticut Data Privacy Act” (CDPA) with the bill now moving to Governor Ned Lamont’s desk for signature. Although Governor Lamont is generally expected...more
5/6/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Connecticut ,
Data Privacy ,
Data Security ,
DPPA ,
Enforcement ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Personal Data ,
Right-To-Access ,
Securities Exchange Act of 1934 ,
Sensitive Personal Information ,
State Data Privacy Laws
Utah is likely the next in line to pass a comprehensive consumer privacy law, joining the ranks of California, Colorado, and Virginia. Senate Bill 227, the Utah Consumer Privacy Act (UCPA), was passed by the Utah legislature...more
On October 6, 2021, Apple announced that the requirement that applications that allow users to create an account must also enable users to initiate deletion of their accounts from within the application will go into effect on...more
10/18/2021
/ Apple ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Consent ,
Data Deletion ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Notification Requirements ,
Privacy Laws ,
Privacy Notice Rule
The advent of new technology brings along with it the murkiness of how the American legal system will treat such technology. Before the rise of blockchain for instance, businesses were uncertain how courts would treat...more
10/8/2021
/ Blockchain ,
California Consumer Privacy Act (CCPA) ,
Confidentiality Policies ,
E-SIGN ,
Force Majeure Clause ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
Service Level Agreements ,
Smart Contracts ,
Supply Chain ,
Termination ,
UETA
On August 15, 2021, a number of media outlets indicated that T-Mobile was investigating a data breach that may have included the names, date of births, phone numbers, T-Mobile account pins, Social Security numbers, and...more
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law, making Colorado the third state to enact comprehensive privacy legislation, following in the footsteps of California and...more
7/23/2021
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Colorado ,
COPPA ,
Data Privacy ,
DPPA ,
Enforcement ,
Families First Coronavirus Response Act (FFCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Governor Polis ,
Gramm-Leach-Blilely Act ,
HIPAA Access Request ,
New Legislation ,
Penalties ,
Privacy Laws ,
State Data Privacy Laws ,
Virginia
While the world anxiously awaited the results of the November 2020 U.S. federal elections, California silently passed California Proposition 24, the California Privacy Rights Act (CPRA). Labeled on the ballot simply as...more
11/13/2020
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Mapping ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Policies and Procedures ,
Safe Harbors ,
Sensitive Personal Information
The California Attorney General Xavier Bacerra submitted the final proposed regulations (the “Regulations”) under the California Consumer Privacy Act of 2018 (“CCPA”) to the California Office of Administrative Law (“OAL”) on...more
New privacy challenges await California businesses as they begin to develop plans to reopen after more than two months of lockdown due to the COVID-19 pandemic. Most businesses are required to fill out a county-specific safe...more
As industry continues to adapt to the evolving realities of shelter-in-place orders, companies face challenges in supporting an unprecedented remote workforce while balancing compliance with a variety of regulatory agencies....more
4/9/2020
/ Business Interruption ,
California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Regulatory Standards ,
Remote Working ,
Small Business ,
State of Emergency
Beginning with the California Online Privacy Protection Act (CalOPPA) in 2004, California has led the U.S. in adopting laws to protect the privacy of its residents. California continued this trend by enacting the California...more
On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released ISO/IEC 27701 (ISO 27701), a privacy extension to ISO/IEC 27001 and ISO/IEC 27002...more
9/9/2019
/ California Consumer Privacy Act (CCPA) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Organization for Standardization ,
Personally Identifiable Information ,
Privacy Laws ,
Security and Privacy Controls
Connected devices, or what is referred to as the “consumer internet of things” is big business right now. Consumers want to “talk” to their devices throughout their home wherever they are, and some organizations’ business...more
6/7/2019
/ B2B Transactions ,
B2C ,
California Consumer Privacy Act (CCPA) ,
Connected Items ,
COPPA ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
Manufacturers ,
Mobile Devices ,
Personal Data ,
Risk Management ,
Security and Privacy Controls ,
Smart Devices ,
Vendors
...On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019...more
4/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Opt-In ,
Personal Data ,
Private Right of Action ,
Proposed Amendments ,
Regulatory Oversight ,
Right to Be Forgotten ,
Third-Party Service Provider