California AG Releases Draft CCPA Regulations and Governor Signs CCPA Amendments Into Law

Just under three months before the January 1, 2020 deadline to comply with the California Consumer Privacy Act (“CCPA”), the California Attorney General (“AG”) released a notice of proposed rulemaking and draft regulations pursuant to the CCPA on October 10, 2019. Two days later, on October 11, 2019, California Governor […]

Big Game Phishing

On October 2, 2019, the FBI issued a Public Service Announcement to alert US businesses and organizations to plan and prepare for what are being described as high-impact ransomware events. Certain bad actors seem to be no longer simply interested in a quick and easy financial gain from indiscriminately infecting […]

CCPA FAQs Part 3: Litigation, Regulatory Actions and Liability

This post does not yet reflect amendments to the California Consumer Privacy Act (CCPA) enacted on October 13, 2019. Check back for updates or follow this blog. As we approach the January 1, 2020 effective date of the California Consumer Privacy Act (“CCPA” or “Act”) it is a good time […]

California Privacy Rights and Enforcement Act – CCPA 2.0?

On Sept. 25, 2019, Californians for Consumer Privacy, a nonprofit group led by the real estate magnate who spurred passage of the California Consumer Privacy Act (CCPA) of 2018, filed a new ballot measure called the California Privacy Rights and Enforcement Act (CPRE or now painfully dubbed by many as […]

NIST Issues Preliminary Draft of Privacy Framework

Earlier this month, the National Institute of Standards and Technology (NIST) issued a Preliminary Draft of the Privacy Framework, which aligns with the NIST Cybersecurity Framework and is intended to help organizations better access and manage privacy risks during product and system design and development. Like the Cybersecurity Framework, the Privacy Framework is a voluntary […]

Closing Bell: California Legislature Passes Numerous CCPA Amendments and Other Privacy Bills on Final Day of 2019 Session

The last day of California’s 2019 legislative session on Sept. 13, 2019 saw a flurry of legislative activity as numerous CCPA amendments passed in the Assembly, after being amended in the Senate, and were sent to the governor for his consideration. The more substantial amendments sought by industry groups—including those […]

UPDATE: Brazil’s Data Protection Law Moves Forward

The final version of Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD), was approved by the Brazilian Federal Senate in May 2019 and sanctioned by President Jair Bolsonaro in July. The LGPD is now scheduled to become effective in August 2020. When the LGPD was first approved […]

New York State Toughens Data Security Laws

On July 25, 2019, New York enacted a pair of data security laws. First, the Stop Hack and Improve Electronic Data Security Act (SHIELD Act) updates New York’s data security requirements. Second, the Identity Theft Prevention and Mitigating Services Act imposes obligations on credit reporting agencies that experience a breach […]

Fashion ID Case: CJEU Rules on Plug-ins and Joint Controllership

On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]

Effort to Exempt “HR Data” from CCPA Falters

Labor groups concerned about employee privacy have succeeded in slowing the effort to pass legislation exempting employer-held information from the California Consumer Privacy Act (“CCPA”).  Thanks to their intervention, the proposed legislation – AB 25 – has been revised to provide that the CCPA will apply to personal information of […]