On July 8, 2022, the California Privacy Protection Agency (“CPPA”) released proposed regulations to implement the California Privacy Rights Act (“CPRA”). The new proposals would dramatically change the existing regulations that apply to organizations that do business in California.

Click here to read the full article, published by the Washington Legal Foundation Aug. 19, 2022.

UPDATE: The program, “The Proposed CPRA (California Privacy Rights Act) Regulations: What to look for, deciding whether to comment, and how to prepare,” originally scheduled to take place on Thursday, June 30 has been rescheduled as Chairperson Urban of the CPPA recently indicated that she will provide additional information regarding the timeline for public comment

In most contexts, employees should have a low expectation of privacy in the workplace. Their computers, desks, and other common areas may be subject to strict company control and their conduct subject to workplace policies. But as we will discuss in an upcoming two-part series on The Performance Review (Greenberg Traurig’s California Labor and Employment

  1. EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
  2. Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
  3. Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking

No.

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, and sexual orientation of a consumer. Beginning on January 1, 2023, consumers will have the right to

Yes.

Most privacy laws in the United States do not require that a company publicly disclose the length of time that personal information will be kept. While the CCPA did not contain such a requirement, the CPRA will require, beginning on January 1, 2023, that businesses inform consumers at the point at which information is

Not specifically. While the CPRA will require businesses whose processing poses a “significant risk” to consumers’ privacy or security to conduct an annual risk assessment and submit it to the newly-created California Privacy Protection Agency, the CPRA does not require that businesses appoint a “Chief Privacy Officer” or similar individual responsible for compliance with the

No.

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1]  The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, or sexual orientation of a consumer.  Beginning on January 1, 2023, if a business collects sensitive personal

Likely no. While the CCPA provides for statutory damages if certain personal information is exposed in a data breach due to a business’s failure to have reasonable and appropriate security in place, the CPRA goes a step further. The CPRA requires the California government to issue regulations requiring businesses whose processing of consumers’ personal information