As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information. Maintaining its focus on this area, the NYAG recently released
Damon W. Silver
Iowa’s Governor Signs Comprehensive Consumer Privacy Law
On March 28, 2023, Iowa’s Governor signed Iowa’s new statute relating to consumer data protection. Iowa joins California, Colorado, Connecticut, Utah, and Virginia in the ever-growing patchwork of consumer privacy laws across the country.
The new law takes effect on January 1, 2025.
Iowa’s consumer privacy law covers businesses…
Iowa to Be Sixth State to Pass a Consumer Privacy Statute
On March 15, 2023, the Iowa legislature unanimously passed Senate File 262, the Consumer Privacy Act, which relates to consumer data and privacy protection. Once signed by Iowa’s governor, the statute will become operative on January 1, 2025, and Iowa will join California, Colorado, Connecticut, Utah, and Virginia in passing…
CPPA Starts Rulemaking on Cybersecurity, Risk Assessments, and Automated Decision-making
While the California Privacy Protection Agency (CPPA) only recently approved revised amended regulations pertaining to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), it is already on to its next rulemaking.
On February 10, 2023, the CPPA issued an invitation for preliminary comments on proposed rulemaking pertaining to cybersecurity audits…
California Privacy Protection Agency Passes Revised Regulations
After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the Office of Administrative Law (OAL). The CPPA’s General Counsel advised that there is no guarantee that the regulations would be…
California Privacy Protection Act Ends 2022 Without CPRA Regulations, But CPPA Targets Risk Assessments and AI for Additional Rulemaking
On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023. Despite the CPRA taking effect at the start of the year, the CPPA, the agency charged with implementing the law…
CPPA Board Publishes Second Modification to CPRA Regulations
In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General.
In October, the Board released proposed modifications to the regulations in advance of a planned Board meeting. Since then, the Board has rescheduled both Board and public meetings.
The Board…
CPPA Board Publishes Proposed Modifications to CPRA Regulations in Advance of October Meeting
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Previously, in June 2022, the Board met to discuss revising the regulations previously released by the California Attorney General.
California Consumer Privacy Act FAQs: Employment Information
1. What’s changing?
Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing in California (collectively, “Employment Information”) are relatively limited. Specifically, it needs to (1) provide those individuals a “notice at collection” that discloses the categories of…
CPPA Releases Notice of Proposed Rulemaking
At the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted to begin the rulemaking process.
On July 8, 2022, the CPPA officially began the formal rule-making process to adopt proposed regulations…