On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
Getting into compliance with the California Consumer Privacy Act (CCPA) can seem like an overwhelming task. After all, the law is comprised not only of a dense statute and detailed regulations, but the amendment effective...more
On March 27, 2023, the California Privacy Protection Agency (CPPA) will close its second phase of rulemaking on automated decision-making (ADM) systems under the California Privacy Rights Act (CPRA)— but not before giving...more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
Data protection laws, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), are a major cause for concern for organizations. These data privacy laws have...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce it as part of an employee’s Data Subject Access Request (DSAR), it shouldn’t be...more
Data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are a major cause for concern for organizations. While the biggest fines garner headlines, such as...more
In the last few years, data privacy laws and regulations have been big news. Much of the coverage—including one of our recent blog posts—concerned website compliance. Companies scrambled to post notices and forms on their...more
On March 15, 2021, California Attorney General, Xavier Becerra, announced additional California Consumer Privacy Act (CCPA) regulations. These new changes went into effect on March 15, 2021....more
As consumer privacy continues to be a global concern, it is increasingly important to know where company data resides in order to maintain compliance. It is no longer just the European Union’s General Data Protection...more
If you are responsible for handling data subject requests made pursuant to the EU General Data Protection Regulation or verified consumer requests made pursuant to the California Consumer Privacy Act, chances are you have...more
Back in November, I wrote on this blog about Big Data being one of the challenges that is forcing technology to move more to the data sooner in the discovery process. One of the most notable fun facts that illustrate just how...more
When it comes to data privacy law, change is the only constant. The global pandemic unleashed a new set of risks related to data privacy that companies will have to confront in 2021. But despite the COVID chaos, data privacy...more
As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more
No. Both the CCPA and the GDPR provide individuals with a right to request access to their personal information and a right to request the deletion of their personal information. As a result, businesses that field rights...more
While businesses are not required to create a written policy or procedure for processing access requests, some businesses – particularly those that receive high volumes of such requests – choose to create such a policy. If...more
Maybe. The CCPA requires a business to respond to an access request by disclosing all information that it has “collected” about a consumer in the previous 12 months. Unlike the CCPA’s treatment of a business’s obligation...more
As one of the oldest and most recognized data privacy and security practices, we have had the honor of helping dozens of companies set up and evolve their data privacy programs over the past decade. That experience has given...more
On February 7, 2020, California Attorney General Xavier Becerra (the California AG) proposed revisions to the regulations implementing the California Consumer Privacy Act (CCPA) that his office had first proposed on October...more
The words “hodgepodge” and “patchwork” are overused in the world of risk and compliance, but they’re certainly appropriate for describing the myriad data privacy regulations popping up around the world. In 2018, the world...more
With the enactment of the European General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act ("CCPA”), the restaurant and food service industry has been forced to cope with a shifting privacy...more