Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. It is unclear if it can be used as a legal compliance mechanism. GT Shareholder Darren Abernethy is quoted in this article on Global Privacy Control and privacy laws

The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy- and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes set to

While the CCPA went into effect on Jan. 1, 2020, it did not become fully enforceable until July 1, 2020. When we passed the one-year anniversary of the CCPA becoming law, it provided an opportunity to assess the impact of the CCPA on privacy programs and to begin to benchmark against emerging industry standards. To

Hosted by the University of Colorado Law School, U.S. Data, Privacy, and Cybersecurity Practice Co-Chair David Zetoony will present on his new book, “The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).” This reference guide collects over 500 of the most common questions concerning

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access and deletion requests

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must report the number of deletion requests received. 1

A

The California Privacy Protection Agency (the “Agency” or CPPA), the new California state agency created under the California Privacy Rights Act of 2020 (CPRA) to oversee and enforce the California Consumer Privacy Act (CCPA) and the CPRA, has recently called for preliminary public comments on a proposed rulemaking under the CPRA. See the invitation from