1. EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
  2. Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
  3. Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking

No.

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, and sexual orientation of a consumer. Beginning on January 1, 2023, consumers will have the right to

Yes.

Most privacy laws in the United States do not require that a company publicly disclose the length of time that personal information will be kept. While the CCPA did not contain such a requirement, the CPRA will require, beginning on January 1, 2023, that businesses inform consumers at the point at which information is

Not specifically. While the CPRA will require businesses whose processing poses a “significant risk” to consumers’ privacy or security to conduct an annual risk assessment and submit it to the newly-created California Privacy Protection Agency, the CPRA does not require that businesses appoint a “Chief Privacy Officer” or similar individual responsible for compliance with the

No.

The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1]  The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, or sexual orientation of a consumer.  Beginning on January 1, 2023, if a business collects sensitive personal

Likely no. While the CCPA provides for statutory damages if certain personal information is exposed in a data breach due to a business’s failure to have reasonable and appropriate security in place, the CPRA goes a step further. The CPRA requires the California government to issue regulations requiring businesses whose processing of consumers’ personal information

The California Privacy Rights Act of 2020 (the “CPRA” or “Proposition 24”) labels 20 data fields as constituting “sensitive personal information.” [1]  If Proposition 24 is enacted businesses would be permitted to use sensitive personal information for one of the following purposes:[2]

  1. Performing services reasonably expected by the consumer.[3]
  2. Providing goods reasonably expected