On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023. Despite the CPRA taking effect at the start of the year, the CPPA, the agency charged with implementing the law
Virginia’s Consumer Data Protection Act is not the only Privacy and Data Protection Law in the Commonwealth
On January 1, 2023, Virginia’s Consumer Data Protection Act (CPDA) takes effect. Key features of the CPDA include expansive consumer privacy rights (right to access, right of rectification, right to delete, right to opt-out, right of portability, right against automatic decision making), a broad definition of “personal information”, the inclusion of a “sensitive data” category
CPPA Board Publishes Second Modification to CPRA Regulations
In June 2022, the California Privacy Protection Agency (CPPA) Board first started discussions about revising the regulations previously released by the California Attorney General.
In October, the Board released proposed modifications to the regulations in advance of a planned Board meeting. Since then, the Board has rescheduled both Board and public meetings.
The Board
NLRB General Counsel Memo on Electronic Monitoring of Employees
Responding in part to the nature of the post-COVID-19 remote workplace, NLRB GC Jennifer Abruzzo has released a memo on employers’ use of electronic monitoring and automated management in the workplace. The memo also directs NLRB Regions to submit to the Division of Advice any cases involving intrusive or abusive electronic surveillance and algorithmic management
OCR Reminds Healthcare Providers and Their Business Associates – You Need an Incident Response Plan!
We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights (OCR) for this always timely reminder for HIPAA covered entities and business associates – have
California Tightens Rules on Vehicle Tracking, Fleet Management
Over the past several years, there has been a significant increase in the use of dashcam technology. The technology available in the market is quite advanced. As we observed here, these devices can be equipped with geolocation, AI, facial recognition, and other technologies. Designed primarily to enhance driver safety and fleet management, privacy concerns
CPPA Board Publishes Proposed Modifications to CPRA Regulations in Advance of October Meeting
On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Previously, in June 2022, the Board met to discuss revising the regulations previously released by the California Attorney General.
White House Weighs In On the Use of AI by Businesses
On October 3, 2022, the White House Office of Science and Technology Policy published its “Blueprint for an AI Bill of Rights.” This adds to prior federal guidance released by the EEOC and DOJ regarding the use of AI in employment decisions.
The framework published by the White House is intended to apply
Amendment to CMIA Regarding Mental Health and Mental Health Apps
California passed Assembly Bill (AB) 2089, which amends the Confidentiality of Medical Information Act (CMIA) to include mental health application information under the definition of medical information. Under the revisions to CMIA, mental health application information is defined as information related to a consumer’s inferred or diagnosed mental health or substance use disorder, as
California Consumer Privacy Act FAQs: Employment Information
1. What’s changing?
Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing in California (collectively, “Employment Information”) are relatively limited. Specifically, it needs to (1) provide those individuals a “notice at collection” that discloses the categories of