The term “personally identified information” is utilized by some industry groups, including the Network Advertising Initiative (“NAI”).  Personally identified information, or “PII,” is defined by such organizations to refer to a significantly narrower set of data than the term “personal information” used within the CCPA.  The following provides a side-by-side comparison of the two terms:

The California Privacy Rights Act of 2020 (the “CPRA” or “Proposition 24”) labels 20 data fields as constituting “sensitive personal information.” [1]  If Proposition 24 is enacted businesses would be permitted to use sensitive personal information for one of the following purposes:[2]

  1. Performing services reasonably expected by the consumer.[3]
  2. Providing goods reasonably expected

Yes and no.

The CCPA references directly, or by incorporating definitions from other code provisions, 55 data types that may fall under the broad definition of “personal information.”  While the CCPA does not label any data type as being more, or less, sensitive than another, the Act does confer special rights on a subset of

Notwithstanding a two-month-long pandemic shutdown, a wave of new legislation has flooded the halls of the California legislature, including four discreet privacy-related bills, each with different objectives and consequences. Upon the closing of the signature period, Gov. Newsom signed only two of the bills into law, vetoing the other two.

Read the full GT Alert,

On Oct. 27 at 12:30 p.m. EST, Greenberg Traurig Of Counsel Darren Abernethy will be a panelist on a complimentary webinar hosted by the American Chamber of Commerce in Luxembourg (AMCHAM) and Luxembourg American Chamber of Commerce in New York (LACC): “After Schrems II, can I still transfer personal data outside of the European

On Friday, Oct. 9 at 9:00 a.m. PST, GT Shareholder Gretchen Ramos (SF) will present “Practical Solutions: Cross Border & Onward Transfers of EEA Data During Uncertain Times” during the PrivacyConnect San Francisco webinar. PrivacyConnect is a free, virtual series that provides an overview of the latest global regulatory updates, requirements, and trends. Through an

On August 27, 2020 the Dutch Data Protection Authority (Dutch DPA) announced that it approved the first ‘code of conduct’ in the Netherlands, the Data Pro Code. The Data Pro Code was drafted by NL Digital, the Dutch industry association for organizations in the ICT sector in the Netherlands.

What is a ‘Code of

On Aug. 30, 2020, the California legislature passed Assembly Bill 1281 (AB-1281), which would extend the exemptions for “employee” information and business-to-business (B2B) transactions from its original expiration date of Jan. 1, 2021, to Jan. 1, 2022, if approved by the governor.

Read the full GT Alert, “Extension to CCPA’s Employment and

The U.S. Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) has released updated chapters to its Cyber Essentials Toolkits (revised August 17, 2020). CISA, the U.S. risk advisor, is tasked with key responsibilities in relation to defending cyber threats against “.gov” networks while collaborating with federal government partners to build more secure