Probably not.

Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size

Greenberg Traurig invites you to join us for an informative discussion on the recently enacted Proposition 24, the California Privacy Rights Act (CPRA), and how it builds on the compliance issues created by the California Consumer Privacy Act (CCPA).

Thursday, Jan. 14, 2021
10:00 – 10:30 a.m. MST / 12:00 – 12:30 p.m. EST



“Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to replace the credit card number).[1] In some instances, tokens are created through the use of algorithms, such as hashing


In order to help businesses, understand and benchmark industry practice, Greenberg Traurig LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020, there was significant divergence between the rates at which companies in different industry sectors had updated their privacy policies to account for the CCPA. While all of

Amid the pandemic and the barrage of pandemic-related news, it has been easy to overlook the reports of a massive security incident that could potentially affect thousands of companies’ data. Beginning the week of December 7th, several prominent data breaches were reported by companies and government agencies, including the Department of Homeland Security.

Continue reading

In order to help businesses understand and benchmark industry practice, Greenberg Traurig, LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020 – 12 months after the CCPA had gone into effect and six months after the CCPA became enforceable – 71.8% of the companies within the Fortune 500 had

The CCPA requires that a business include 15 specific disclosures in its privacy policy. These include, for example, disclosures relating to the enumerated categories of personal information that the business collects, the categories of personal information that are shared with service providers or other third parties, and consumers’ ability to request access to and deletion

The regulations implementing the CCPA require that “[e]very business . . . shall provide a privacy policy in accordance with the CCPA and the [regulations].”1 The regulations clarify that a business meets its obligation to “provide” a privacy policy by posting the policy online or, if it does not operate a website, “mak[ing] the

The UK is nearing the end of its Brexit transition period (the Transition Period), which expires Dec. 31, 2020. Although the UK has not been a party to the European Economic Area (EEA) agreement since the passage of Brexit, it has been treated as an EEA member during the Transition Period. Because of this status,


A privacy policy typically discloses the following information to the public:

  • The categories of information collected from a data subject directly and from third parties about a data subject,
  • The purpose for which information is collected and used,
  • The ability (if applicable) of a data subject to opt out of their information being sold,