Category: Policy & Legislation

FTC’s Proposed Amendments to the GLBA Safeguards Rule Seek to Incorporate Requirements from NY DFS Cybersecurity Regulations

On March 5, the FTC announced proposed amendments to the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (“Safeguards Rule” or “Rule”).  The FTC version of the Safeguards Rule applies to financial institutions that are not governed by federal banking regulators (e.g., FDIC, Federal Reserve, OCC, and NCUA) or […]

California Privacy Legislation Update

With the promulgation of the California Consumer Privacy Act of 2018 (“CCPA”), California has continued its role in pushing bleeding edge privacy and data security legislation.  From the first data breach notification law back in 2003, to the first IoT data security law in 2018, it seems that California will […]

Brexit and its Possible Impact on Data Transfers

In its strictest construction, what ‘Brexit’ means is clear, what it entails and what comes next is absolutely not. Therefore, this article will not focus on matters relating to any such future relationship, but rather only on the terms on which the UK may leave the EU and how that […]

Cooley’s Michael Rhodes Joins 41 California Privacy Experts Urging Major Changes to the California Consumer Privacy Act

Michael Rhodes, chair of Cooley’s cyber/data/privacy practice, joins 41 California privacy lawyers, professionals and professors urging major changes to the California Consumer Privacy Act (CCPA). Led by Santa Clara University School of Law professor, Eric Goldman, the group is urging the legislature to address six significant issues posed by the […]

The Department of Health and Human Services Issues Guidelines on Cybersecurity

On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (the “Cybersecurity Guidelines”), which provides voluntary cybersecurity practices designed to reduce security risks and improve security for various healthcare organizations. Specifically, the Cybersecurity Guidelines […]

Notes from first CCPA Public Forum in San Francisco

On Tuesday in San Francisco, the California Department of Justice (“DOJ”) held its first of six public forums on the California Consumer Privacy Act of 2018 (“CCPA”) before a packed room of industry representatives and public citizens. The forums are intended to fulfill the Attorney General’s mandate under CCPA to […]

California Attorney General Announces CCPA Workshops

The California State Attorney General’s office announced that it will be holding six rulemaking workshops for the California Consumer Privacy Act of 2018 (“CCPA”). The workshop dates and locations are: January 8 – San Francisco January 14 – San Marcos January 24 – Riverside January 25 – Los Angeles February […]

California Regulates Online Bots

Citing the proliferation of online bots used to deceive consumers and influence voters, the California legislature recently passed the nation’s first law directly regulating online bots.  Enacted on September 28, 2018, SB 1001  prohibits use of online bots in a deceptive or misleading manner for certain commercial or political purposes.  […]

California Consumer Privacy Act of 2018 – Full Text

For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of October 15, 2018. We’ve included in parentheses the general topic for each section, though this is our own interpretation and not set out in the CCPA […]

What the American Bar Association’s Formal Opinion 483 Means for Lawyers

Last week, the American Bar Association’s (“ABA”) Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued Formal Opinion 483 (the “Opinion”) that sets forth the ABA’s opinion concerning the need for lawyers to notify clients of data breaches affecting client confidential data. The opinion outlines certain “reasonable” steps the ABA […]