On Aug. 30, 2020, the California legislature passed Assembly Bill 1281 (AB-1281), which would extend the exemptions for “employee” information and business-to-business (B2B) transactions from its original expiration date of Jan. 1, 2021, to Jan. 1, 2022, if approved by the governor.

Read the full GT Alert, “Extension to CCPA’s Employment and

The U.S. Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) has released updated chapters to its Cyber Essentials Toolkits (revised August 17, 2020). CISA, the U.S. risk advisor, is tasked with key responsibilities in relation to defending cyber threats against “.gov” networks while collaborating with federal government partners to build more secure

On August 14, 2020, the California Attorney General (AG) announced that the Office of Administrative Law (OAL) approved the California Consumer Privacy Act (CCPA) regulations, which will take effect immediately. The OAL’s approval concludes the expedited review process requested by the AG on June 1. For more information on the review process, see GT’s June

It has been a busy time for the California Consumer Privacy Act (CCPA)—enforcement begins July 1st, final implementing regulations have been submitted for approval, and qualifying signatures for a wide-ranging “CCPA v2.0” ballot initiative are in the process of being counted.

Yet the effect of the CCPA on digital advertising, mobile applications and websites remains

On June 24, the California Secretary of State announced that the California Privacy Rights Act (CPRA) has qualified as a statewide ballot initiative to be listed on this November’s General Election ballot.

The announcement follows official confirmation that the nonprofit group behind the ballot initiative, Californians for Consumer Privacy, obtained in excess of the 623,212

Following much anticipation, the Office of the California Attorney General (OAG) moved one step closer to the California Consumer Privacy Act (CCPA)’s wide-ranging implementing regulations becoming enforceable by law by filing the final CCPA Regulations with the California Office of Administrative Law (OAL) on June 1.

The CCPA grants the OAG the authority to begin

Today, the California Office of the Attorney General (OAG) released a second set of modifications to its proposed California Consumer Privacy Act (CCPA) Regulations.

The proposed regulations were first published and noticed for public comment on October 11, 2019. On February 10, 2020, the OAG released modifications to the proposed regulations based on the earlier

Despite being in effect since Jan. 1, 2020, the California Consumer Privacy Act (CCPA) continues to generate confusion for employers of California residents. Much attention has been given to the CCPA’s effect on a business’ obligations in collecting, using, and sharing California customers’ data. However, given the CCPA’s broad “consumer” definition includes “employees,” it also imposes duties on any in-scope business that manages California employees’ data. Notably, under the CCPA, “employees” include job applicants. The CCPA thus applies to both California customers and employees/job applicants of any “business,” which is defined as a for-profit organization doing business in California that controls how personal information is processed and: (i) has gross annual revenue exceeding $25 million; (ii) buys, receives, sells, or shares personal information of 50,000 or more California consumers, households, or devices; or (iii) derives 50% or more of its annual revenue from selling personal information of California residents. Civ. Code § 1798.140(c)(1). Importantly, for the CCPA to apply, businesses do not have to be physically in California. Thus, for example, a business that does not have any facilities in California, but employs remote workers in California, could be subject to the CCPA if it meets the CCPA’s “business” definition.
Continue Reading Employers: Stop, Drop, and Ensure CCPA Compliance as to Employees Residing in California