Life with GDPR - ICO Gets Serious About Subject Access Requests
SARS and Liability Issues under GDPR
No. When a business receives a request from a consumer to access the personal information that the business has “collected,” it must decide whether to grant the request or to deny it based upon one of the exceptions to...more
The CCPA requires a business to respond to an access request by disclosing all information that it has “collected” about a consumer in the previous 12 months. Unlike the CCPA’s treatment of a business’s obligation to delete...more
The California Attorney General recently published a report assessing CCPA compliance costs. The report attempts to quantify the monetary value of consumers’ personal data, and estimates the total value of personal data...more
In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA) - and businesses are rushing to interpret and implement...more
No. The CCPA contains four references to the obligation of a business to, in response to an access request, provide the “specific pieces of personal information” that it has collected about a California resident. Each of...more
No. Section 1798.150 of the CCPA permits consumers to “institute a civil action” only where consumer “nonencrypted or nonredacted personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of...more