In a potentially significant development for companies subject to the California Consumer Privacy Act, as amended (CCPA), on Feb. 9, California’s Third District Court of Appeal overturned a Superior Court decision issued in June 2023 that had stayed the enforcement of new CCPA regulations finalized by the California Privacy Protection Agency (CPPA), first-in-the-nation privacy regulator
CPRA regulations
Updated CCPA Regulations Approved
Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights…
California Proposed Privacy Regulations Would Impose Significant Compliance Costs on Business
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) released proposed regulations to implement the California Privacy Rights Act (“CPRA”). The new proposals would dramatically change the existing regulations that apply to organizations that do business in California.
Click here to read the full article, published by the Washington Legal Foundation Aug. 19, 2022.
July 7 Webinar | The Proposed CPRA Regulations: What to look for, deciding whether to comment, and how to prepare
UPDATE: The program, “The Proposed CPRA (California Privacy Rights Act) Regulations: What to look for, deciding whether to comment, and how to prepare,” originally scheduled to take place on Thursday, June 30 has been rescheduled as Chairperson Urban of the CPPA recently indicated that she will provide additional information regarding the timeline for public comment…
Is it Secret, Is it Safe? What Employers Need to Know About the California Privacy Rights Act
In most contexts, employees should have a low expectation of privacy in the workplace. Their computers, desks, and other common areas may be subject to strict company control and their conduct subject to workplace policies. But as we will discuss in an upcoming two-part series on The Performance Review (Greenberg Traurig’s California Labor and Employment…
Data Privacy Day: 2021 Trends to Watch
- EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
- Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
- Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking
…
Is the CPRA’s right to object to the continued use of sensitive personal information an absolute right?
No.
The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, and sexual orientation of a consumer. Beginning on January 1, 2023, consumers will have the right to…
Does the CPRA require companies to publish the data retention period that applies to the personal information it collects from consumers?
Yes.
Most privacy laws in the United States do not require that a company publicly disclose the length of time that personal information will be kept. While the CCPA did not contain such a requirement, the CPRA will require, beginning on January 1, 2023, that businesses inform consumers at the point at which information is…
Will companies be required to designate an employee responsible for privacy compliance?
Not specifically. While the CPRA will require businesses whose processing poses a “significant risk” to consumers’ privacy or security to conduct an annual risk assessment and submit it to the newly-created California Privacy Protection Agency, the CPRA does not require that businesses appoint a “Chief Privacy Officer” or similar individual responsible for compliance with the…
Now that the CPRA has passed, are all companies required to post a ‘Limit the Use of My Sensitive Personal Information’ link on their homepage?
No.
The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, or sexual orientation of a consumer. Beginning on January 1, 2023, if a business collects sensitive personal…