As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading
With the California Consumer Privacy Act (CCPA) effective for nearly one month, businesses continue to grapple with the many components of this new privacy framework. A key component of the CCPA is granting consumers the right to request information about and to exercise some control over their personal information. Developing sufficient mechanisms to receive, process … Continue Reading
2020 may very well be the most impactful year for data privacy and cybersecurity in the United States. In honor of Data Privacy Day, we discuss some of the reasons why that may be the case. In short, as privacy and cybersecurity risks continue to emerge for organizations large and small, the law is beginning … Continue Reading
Websites play a vital role for organizations. They facilitate communication with consumers, constituents, patients, employees, and the general public. They project an organization’s image and promote goodwill, provide information about products and services and allow for their purchase. Websites also inform investors about performance, enable job seekers to view and apply for open positions, and … Continue Reading
Recently, the U.S. Federal Trade Commission issued an important opinion, concluding that Cambridge Analytica, LLC, the data analytics and consulting company, engaged in “deceptive practices to harvest personal information” of tens of millions social media users, by way of using their data from a company developed app, GSRapp, for voter profiling purposes without the users’ … Continue Reading
Some business leaders and HR professionals may be waking up this morning not realizing they must provide a “Notice at Collection” to some or all of their employees and applicants under the new California Consumer Privacy Act (CCPA). This is not surprising given the confusion during 2019 about whether this law would reach that far. The … Continue Reading
When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable information, protected health information, or individually identifiable health information. They might even speak in acronyms – PI, PII, PHI, NPI, etc. Blurring those distinctions might be OK for … Continue Reading
After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data … Continue Reading
Businesses subject to the California Consumer Privacy Act (“CCPA”) are working diligently to comply with the law’s numerous mandates, although final regulatory guidance has yet to be issued. Many of these businesses are learning that AB25, passed in October, requires employees, applicants, and certain other California residents to be provided a notice of collection at … Continue Reading
It’s hard to understate the range of issues the California Consumer Privacy Act (the “CCPA”) raises for covered businesses and their service providers. One of those issues involves the meaning of “consumer.” If you have been following CCPA developments, you know that at least for the first 12 months the CCPA is effective, the new … Continue Reading
Several weeks ago, we published a CCPA FAQS on Cookies, which provides a high-level look at how the impending CCPA may apply to website cookies. The CCPA’s definition of personal information is expansive, and in preparation for the CCPA it is easy to overlook certain elements of personal information, in particular website cookies. A cookie … Continue Reading
On February 21, 2019, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) announced Assembly Bill 1130 which intended to strengthen and expand California’s existing data breach notification law. On September 11, 2019, the bill passed both houses of the legislature and was presented to Governor Gavin Newsom. Last Friday, October 11, 2019, … Continue Reading
Lots of action for the California Consumer Privacy Act (CCPA) in the last few days! After much anticipation, on October 10th, 2019, California Attorney General Xavier Becerra (“the AG”) announced the Proposed Regulations for the CCPA. The next day, California Governor Gavin Newsom signed into law six amendments to the CCPA. Below is a summary of … Continue Reading
October is National Cybersecurity Awareness Month (NCSAM)! NCSAM is an annual event designed by the U.S. Department of Homeland Security (DHS) and co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCSA). NCSAM is a collaborative effort by both government and industry leaders intended to enhance public awareness regarding cybersecurity . … Continue Reading
The California Consumer Privacy Act takes effect January 1, 2020. Businesses within the scope of the CCPA are taking steps to prepare, including drafting notices to inform California consumers of their right to opt out of the sale of their personal information. However, California will not be the first state to provide a consumer with … Continue Reading
For years now, state laws have required subject organizations to provide notification to affected data subjects and, in some instances, to state agencies, consumer reporting agencies, and the media, when they experience a “breach” of certain categories of information. And a growing number of states – including California, Colorado, Connecticut, Maryland, Massachusetts, Texas, and, most … Continue Reading
The California Consumer Privacy Act is almost here! The groundbreaking law takes effect January 1, 2020. Covered businesses and their service providers have already started preparing, as the CCPA continues to evolve since it was introduced. California’s legislative session ended on September 13th, with some final modifications to bills that would amend certain aspects of … Continue Reading
As businesses prepare for the effective date of the California Consumer Privacy Act, many are conducting data mapping to identify the personal information they collect, who it belongs to, how they use it, with whom they share it and whether they sell or disclose it. The information a business collects from this exercise will set … Continue Reading
The California Consumer Privacy Act (CCPA), considered the most expansive U.S. privacy laws to date, is set to take effect January 1, 2020. In short, the CCPA places limitations on the collection and sale of a consumer’s personal information and provides consumers certain rights with respect to their personal information. Wondering whether they will have … Continue Reading
Employers, you are not out of the CCPA woods yet. If you have been tracking the proposed amendments to the California Consumer Privacy Act (CCPA), you know that businesses and stakeholders have been clamoring to shape the new sweeping law in a number of ways. We reported earlier this year on some of the potential … Continue Reading
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals on the state level, and started a shift in the consumer privacy law landscape. Many of these proposals end up … Continue Reading
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most robust state privacy law in the United States. The CCPA seems to have spurred a flood of similar legislative proposals on the state level, and it was only a matter of time before the Empire State introduced its own version … Continue Reading
Per our earlier blog post, Texas was ambitious this legislative session when it proposed two consumer data privacy bills. Both bills made it through committee hearings, but only one made it to the governor’s desk for signature: HB 4390. However, even it arrived there very different than originally drafted. HB 4390, dubbed the Texas Privacy … Continue Reading
The California Senate Appropriations Committee recently blocked a bill that would expand a private right of action under the California Consumer Privacy Act (CCPA). As we reported, in late February, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the CCPA. Then in April, the Senate … Continue Reading