California Privacy Rights Act

In March 2023, the California Chamber of Commerce filed a Petition for Writ of Mandate and Complaint for Declaratory and Injunctive Relief against the California Privacy Protection Agency (CPPA), the agency tasked with implementation and enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA).

The writ sought to

At the California Privacy Protection Agency (CPPA) Board meeting on June 8, 2022, the board voted to begin the rulemaking process. The Board previously released a 66-page draft of regulations, that are intended to implement and interpret the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). While

On June 8, 2022, the California Privacy Protection Agency (CPPA) Board, will meet to discuss and take potential action regarding a draft of its proposed regulations. The June 8th public meeting includes an agenda item where the CPPA Board will consider “possible action regarding proposed regulations … including possible notice of proposed action.”

The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a consumer’s personal information and provides consumers new and expansive rights with respect to their personal information.

Less than one

Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021.

The Colorado Privacy Act takes effect July 1,

The passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California.  The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately

The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas

Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum for comprehensive privacy bills is at an all-time high.” The IAPP maintains a map of state consumer privacy legislative activity, with in-depth analysis

The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to