California Consumer Privacy Act

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights

In order to help businesses understand and benchmark industry practice, Greenberg Traurig attorneys analyzed the publicly available privacy policies of companies within the Fortune 500.[1] As of October 2022 – nearly two years after the CCPA took effect – 71% of companies had updated their privacy policies to account for the CCPA.[2] It

The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the

While the CCPA went into effect on Jan. 1, 2020, it did not become fully enforceable until July 1, 2020. When we passed the one-year anniversary of the CCPA becoming law, it provided an opportunity to assess the impact of the CCPA on privacy programs and to begin to benchmark against emerging industry standards. To

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must report the number of deletion requests received. 1

A

  1. EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
  2. Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
  3. Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking

One week into the final month of what has been a memorable 2020, maintaining an organization’s privacy hygiene is more pressing than ever – and includes new requirements.

From privacy policy updates mandated by the California Consumer Privacy Act (CCPA), to all businesses needing to stay current and non-deceptive in their public disclosures in relation

The CCPA did not explicitly label any data type as being more, or less, “sensitive” than another, although it did confer special data security-related rights on a subset of data types.

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data

On June 24, the California Secretary of State announced that the California Privacy Rights Act (CPRA) has qualified as a statewide ballot initiative to be listed on this November’s General Election ballot.

The announcement follows official confirmation that the nonprofit group behind the ballot initiative, Californians for Consumer Privacy, obtained in excess of the 623,212

Following much anticipation, the Office of the California Attorney General (OAG) moved one step closer to the California Consumer Privacy Act (CCPA)’s wide-ranging implementing regulations becoming enforceable by law by filing the final CCPA Regulations with the California Office of Administrative Law (OAL) on June 1.

The CCPA grants the OAG the authority to begin