Tag Archives: CPRA

Don’t be Fooled by the CPRA Effective Date, Employers Have Current Obligations Under the CCPA

The passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California.  The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately … Continue Reading

Data Protection and the Role of Vendor Management

The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security risks to an organization’s data can come from various vectors, including third party vendors and services providers. By way of … Continue Reading

CPRA Series: The CPRA and Risk Assessments

The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas, Illinois, … Continue Reading

Colorado Introduces a Comprehensive Consumer Privacy Bill

Colorado recently became the latest state to consider a comprehensive consumer privacy law.  On March 19, 2021, Colorado State Senators Rodriguez and Lundeen introduced SB 21-190, entitled “an Act Concerning additional protection of data relating to personal privacy”. Following California’s bold example of the California Consumer Privacy Act (“CCPA”) effective since January 2020, Virginia recently … Continue Reading

New York Considering Dramatic Expansion of Consumer Privacy Rights

In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted.  At the time, it was reasonable to wonder whether California’s bold example would catalyze similar activity in other states.  It’s clear now that it has.   Virginia recently passed its own robust privacy law, the … Continue Reading

AG Becerra Announces Approval of Additional CCPA Regulations

Here we go again! On March 15th, 2021, the California Department of Justice (“Department”) announced approval of modifications to the California Consumer Privacy Act’s (CCPA) regulations, originally introduced in December of 2020.  The new regulations mainly modify provisions related to a consumer’s right to opt out of sale of their personal information, with the aim … Continue Reading

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents.  We provide an in-depth analysis of the CDPA here, along with legislative activity in … Continue Reading

Comprehensive State Privacy Laws On the Move, How Should Organizations Evaluate Them?

Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum for comprehensive privacy bills is at an all-time high.” The IAPP maintains a map of state consumer privacy legislative activity, with in-depth analysis comparing key provisions. … Continue Reading

CPRA Series: Redux on Data Security Requirements and Private Right of Action

The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to implement … Continue Reading

CPRA Series: Does the California Privacy Rights Act (CPRA) Apply to Your Business?

When California voters approved Proposition 24, the California Privacy Rights Act (CPRA), on November 3, 2020, the result was to substantially amend the California Consumer Privacy Act (CCPA) which became effective only 10 months earlier. We outlined the basic rules for determining when the CCPA applies, and summarize here the changes made by the CPRA. … Continue Reading

CPRA Series: The Importance of Data Retention Schedules and Records Management Policies

Record retention and records management policies are key elements for a company’s data protection program. Numerous recently enacted, or amended, data protection laws adopt data retention or storage limitation principles to safeguard personal information. Companies that do not have clearly defined record retention practices should take notice. Companies with existing practices should review those practices … Continue Reading

CPRA Series: Sensitive Personal Information

The California Privacy Rights Act of 2020 (CPRA) becomes operative on January 1, 2023. Among its numerous amendments and additions to the existing California Consumer Privacy Act (CCPA), the CPRA expands the definition of Personal Information. Specifically, it adds the category of Sensitive Personal Information. This new category tracks the EU General Data Protection Regulation’s … Continue Reading

California DOJ Issues Fourth Set of Modifications to the CCPA Regulations

On December 10, 2020, the California Department of Justice (“Department”) announced a fourth set of modifications to the California Consumer Privacy Act’s (CCPA) regulations.  The deadline to submit comments to the modifications is Monday, December 28, 2020. As a quick recap of past developments related to the CCPA regulations, the Department first published proposed regulations … Continue Reading

As Voice Recognition Technology Market Surges, Organizations Face Privacy and Cybersecurity Concerns

A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and machine learning across a wide array of devices including smartphones, healthcare apps, banking apps and connected cars, … Continue Reading

CPRA Series: New, Expanded and Modified Consumer Rights

On November 3, 2020, Californians approved another significant piece of privacy rights legislation, the California Privacy Rights Act, or the CPRA.  The CPRA amends and expands the already (almost) infamous CCPA (California Consumer Privacy Act), which is the privacy law that went into effect in the Golden State last year. New Rights under CPRA The … Continue Reading

The CCPA’s “B2B” Exemption Is Also Extended by Governor Newsom

By signing AB 1281 into law on September 29th, 2020, California Governor Gavin Newsom amended the California Consumer Privacy Act (“CCPA”) to extend until January 1, 2022, not only the current exemption on employee personal information from most of the CCPA’s protections, but also the so-called “B2B” exemption. Welcomed by many “B2B” (business to business) … Continue Reading

California Governor Newsom Signs into Law Extension to CCPA Employee Personal Information Exemption, Vetoes Another Privacy Bill

On September 29th, California Governor Gavin Newsom signed into law AB 1281, an amendment to the California Consumer Privacy Act (“CCPA”) that would extend the current exemption on employee personal information from most of the CCPA’s protections, until January 1 2022. The exemption on employee personal information was slated to sunset on December 31, 2020.  … Continue Reading

California Assembly Passes CCPA Amendment: Employee Personal Information Exemption Extension

The California Consumer Privacy Act (“CCPA”) has only been in effect since January, but amendments are already on the horizon. Personal information in the employment context was highly contested during the CCPA’s amendment process prior to enactment and has continued to be a point of deliberation even after the CCPA’s effective date. In its current … Continue Reading

The California Privacy Rights Act (“CPRA”) Headed to the November 2020 Ballot

As we recently reported, the privacy-right activist group that sponsored the California Consumer Privacy Act (“CCPA”) – Californians for Consumer Privacy – is pushing for an even more stringent privacy bill, the California Privacy Rights Act (“CPRA”). The CRPA has now qualified for the November 3, 2020 ballot, gathering more than 600,000 valid signatures as required, according … Continue Reading

CCPA 2.0 – More Privacy Legislation in the Golden State?

Most companies continue to grapple with compliance with the California Consumer Privacy Act (“CCPA”), which went into effect in January. Companies have overhauled their privacy programs and policies and designed new systems to comply with the CCPA. Now, the privacy-right activist group that sponsored the CCPA – Californians for Consumer Privacy – is pushing for … Continue Reading
LexBlog