Modern data privacy statutes create special rules for activities that involve “selling.” Among other things, most modern U.S. data privacy statutes require companies to allow data subjects to opt out of having their personal information sold. As the following chart indicates, the term “sale” is defined slightly different between and among state statutes, with some
California
Service-Provider Compliance With California Consumer Privacy Act—Written Policies and Procedures
What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?
The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal…
CCPA Litigation Up 44.1%
The California Consumer Privacy Act (CCPA) provides plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of personal information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged…
As the California Attorney General focuses on loyalty programs, what do companies need to remember?
The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the…
Under California Data-Privacy Laws, Is a ‘Service Provider’ the Same as ‘Processor’?
No. The European GDPR does not use the term “service provider” and, instead, refers to “processors.” Click here to read the full answer, published by the Washington Legal Foundation.
Gretchen Ramos Quoted in Bloomberg Law article, ‘2022 Privacy Legislation Success Viable as Three States Lead Way’
2022 is poised to be a busy year for privacy, as California begins rulemaking for its updated consumer privacy statute and dozens of states are expected to reintroduce legislation. GT Data, Privacy & Cybersecurity Global Co-Chair Gretchen A. Ramos is quoted in this Jan. 3 Bloomberg Law article. Click here to read the full article
Darren Abernethy Quoted in a Bloomberg Law Article on Global Privacy Control
Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. It is unclear if it can be used as a legal compliance mechanism. GT Shareholder Darren Abernethy is quoted in this article on Global Privacy Control and privacy laws…
What is de-identified data?
The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy- and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes set to…
Nov. 17 Event | Crash Course: The State of Privacy Law in California
Hosted by the University of Colorado Law School, U.S. Data, Privacy, and Cybersecurity Practice Co-Chair David Zetoony will present on his new book, “The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).” This reference guide collects over 500 of the most common questions concerning…
How long do health care companies take to respond to deletion requests?
The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or…