All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners. Most modern privacy statutes recognize, however, that privacy risks are reduced when the third party is related to the organization from which the data originates. As the following chart

Greenberg Traurig is a sponsor of the Privacy + Security Forum 2023 Spring Academy May 10-12 in Washington, DC. The conference will break down the silos of privacy and security and bring together seasoned thought leaders, who will host virtual sessions and workshops designed to deliver practical takeaways for all conference participants.

Wednesday, May 10

Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights

Modern data privacy statutes require that organizations inform individuals about the organization’s privacy practices by creating a privacy notice (sometimes referred to as a privacy policy or a notice at collection). Some data privacy statutes provide specific directions regarding how the privacy notice must be distributed. For example, the California Consumer Privacy Act and the

The CCPA and its implementing regulations identify six types of information requests that a consumer can submit to a business. As the first five requests ask that a business respond with broad information about the type of information collected (as opposed to the actual information itself), they are often referred to as category-level access requests.

In order to help businesses understand and benchmark industry practice, Greenberg Traurig attorneys analyzed the publicly available privacy policies of companies within the Fortune 500.[1] As of October 2022 – nearly two years after the CCPA took effect – 71% of companies had updated their privacy policies to account for the CCPA.[2] It

Jan. 1 is approaching, and with it comes new requirements under the California Consumer Privacy Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). What should you and your company be focusing on to ensure you are prepared for the looming compliance deadline? This Data Privacy Dish post offers end-of-year considerations for closing out

The California Consumer Privacy Act and the California Privacy Rights Act specifically state that they do not restrict a business’s ability to collect, use, retain, sell, share, or disclose “aggregated consumer information.”[1] Aggregate consumer information is defined as “information that relates to a group or category of consumers, from which individual consumer identities have

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA