California Consumer Privacy Act (CCPA)

2021 proved to be a momentous year for privacy and data security law.  The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening insurance market, and significant corporate anxiety.  Two more U.S. states passed comprehensive data privacy laws in 2021.  The FTC was very active, issuing new guidance for artificial intelligence (AI), publishing revisions to the GLBA Safeguards Rule, and bringing new enforcement actions.  The U.S. Supreme Court issued a number of opinions that had the effect of narrowing the scope of key privacy statutes while biometric litigation in Illinois exploded.  The European Commission promulgated new rules for cross-border transfers, and U.S. state regulatory enforcement activities ramped up.
Continue Reading Predictions for Privacy & Data Security in 2022

With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA enforcement efforts and promote new tools relating to California consumers’ right to opt out of the sale of their personal information.
Continue Reading California Enforcement Updates and Privacy Tools Highlight Regulatory Scrutiny of Right to Opt Out

On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott International, Inc.  The holding, which dismissed the claims for lack of standing, will likely play a role in a number of CCPA cases that

The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”).

As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020.  The third set of modifications revised the regulations relating to the

On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”).  The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).

As background, the original CCPA

The Regulations to the California Consumer Privacy Act (CCPA) continue to evolve, in confusing fashion. As background, the AG’s Office had previously issued proposed Regulations to the CCPA in October 2019. The AG’s Office then issued a revised set of proposed amendments to the Regulations in February 2020 and then again in March 2020. While

Last week, California Governor Gavin Newsom signed into law two amendments to the California Consumer Privacy Act (CCPA) that would impact various CCPA exemptions. One amendment, A.B. 1281 would extend two exemptions that were set to expire later this year: the employee exemption and the business (B2B) exemption. Both of these exemptions will now remain

On August 14, 2020, the California Office of Administrative Law (“OAL”) approved in part and withdrew in part the Regulations regarding the California Consumer Privacy Act (“CCPA”).  While most of the changes are non-substantive, the OAL withdrew certain provisions of the Regulations and resubmitted them to the Attorney General’s Office for further review.  Approved sections

With the ongoing covid crisis leaving businesses of all sizes concerned about the short and medium term future, the intimidating task of considering a liquidation or restructuring is inevitably starting to become a reality.  Although privacy in the bankruptcy context is nothing new—especially in the context of personally identifiable information (“PII”) held by a company—it