The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), enacted March 27, 2020, rewrote significant portions of 42 U.S.C. § 290dd-2, the federal statute governing the confidentiality of substance use disorder (SUD) records that is more commonly known by its implementing regulations at 42 C.F.R. Part 2 (Part 2). Among other changes, the CARES

Despite being in effect since Jan. 1, 2020, the California Consumer Privacy Act (CCPA) continues to generate confusion for employers of California residents. Much attention has been given to the CCPA’s effect on a business’ obligations in collecting, using, and sharing California customers’ data. However, given the CCPA’s broad “consumer” definition includes “employees,” it also imposes duties on any in-scope business that manages California employees’ data. Notably, under the CCPA, “employees” include job applicants. The CCPA thus applies to both California customers and employees/job applicants of any “business,” which is defined as a for-profit organization doing business in California that controls how personal information is processed and: (i) has gross annual revenue exceeding $25 million; (ii) buys, receives, sells, or shares personal information of 50,000 or more California consumers, households, or devices; or (iii) derives 50% or more of its annual revenue from selling personal information of California residents. Civ. Code § 1798.140(c)(1). Importantly, for the CCPA to apply, businesses do not have to be physically in California. Thus, for example, a business that does not have any facilities in California, but employs remote workers in California, could be subject to the CCPA if it meets the CCPA’s “business” definition.
Continue Reading Employers: Stop, Drop, and Ensure CCPA Compliance as to Employees Residing in California

In August 2018, Brazil took a significant step by passing comprehensive data protection legislation: the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – Law No. 13,709/2018, as amended) (LGPD). The substantive part of the legislation takes effect August 16, 2020, leaving fewer than six short months for companies to prepare.

On February 7, 2020, the California Attorney General’s Office (OAG) issued proposed changes to the California Consumer Privacy Act Regulations (Modified Regulations), which were originally issued on October 11, 2019. Organizations have until February 24 to submit written comments on the proposed changes to the regulations implementing the CCPA.

Key Changes

Some of the major

YouTube Content Creators Must Act

As of January 6, 2020, YouTube creators must designate their videos (both new as well as all videos previously posted) as either made for kids or adults. The new requirement has left esport, gaming, musician, vlog, and many other creators scrambling to correctly categorize their videos; otherwise, they face a

Although the California Consumer Privacy Act (CCPA) has only been in effect for a matter of weeks – and its proposed regulations are not yet finalized – it could be overhauled by a new privacy law later this year. Last fall, the group that first formulated the CCPA as a ballot initiative in 2018, Californians

Florida joins the increasing number of states considering a consumer privacy bill this legislative session. The Florida privacy companion bills were introduced in both the state’s Senate (SB 1620) and House of Representatives (HB 963). If enacted, the law will become effective in July 2020.

The bill includes three significant new

Florida could be the first state to deny life and long-term care insurers access to genetic test results. Under a new bill titled “Genetic Information for Insurance Purposes” (HB 1189), life insurers and long-term care insurers are prohibited from canceling, limiting, or denying coverage, or establishing differentials in premium rates based on genetic

In a mere two weeks, as the ball drops in Times Square, California Attorney General (AG) Xavier Becerra will welcome not only a new decade, but a new era of enforcement under the California Consumer Privacy Act (CCPA).

In a news briefing Monday, AG Becerra shed light on two topics of high interest for many