“Companies need to be vigilant as they set up their consumer response processes. This ‘verified consumer’ part is no small thing. It requires a robust commitment to accurately sourcing your verification data, skill in identifying dubious requests, and some healthy skepticism wouldn’t hurt. The emphasis now is to bend over backward to help consumers to

CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer Privacy Act (CCPA).

Key recommendations from the white paper:

  • Consider contract language that prevents third-parties from selling personal information sold to them unless

The International Organization for Standardization (ISO) published a standard for company’s to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

Some basics about how the California Consumer Privacy Act applies to selling children’s personal information:

  • Businesses subject to CCPA cannot sell the personal information of consumers who are 16 years old or younger without prior authorization.
  • If the minor is less than 13 years old, the businesses must obtain authorization from a parent or guardian.

First we take Sacramento, then we take Albany…

The New York Privacy Act, a privacy bill proposed by State Sen. Kevin Thomas, D-N.Y., bears similarities to the California Consumer Privacy Act.

Like the CCPA, it would allow people to find out what data companies are collecting on them, see who they’re sharing that data with,

“For those who will for the first time be facing consumer data access requests under the CCPA, my advice is to get started now building automated systems when possible and human teams that can help you gather data and respond to requests in a timely manner because it takes longer and is more difficult than

The California Consumer Privacy Act “has galvanized the U.S. Congress to start thinking really hard about federal privacy legislation. We’ve encouraged them to do that,” said Federal Trade Commission Chairman Joe Simons.

Other key takeaways from Simons’ conversation with International Association of Privacy Professionals Chief Knowledge Officer Omer Tene:

  • Though not specifically commenting on any

“There are very good reasons to care about privacy laws, including those of other states and countries” – says Gary D. Weingarden Esq., CDPO, CIPM, GDPR-R, “but fear of cross-border fines isn’t at the top of the list.”

Per Weingarden:

  • If you’ve certified compliance with Privacy Shield, you should comply.
  • Individuals and classes of plaintiffs

“Numerous stakeholders have urged further refinement of [CCPA]—from addressing workability issues from a business compliance standpoint, to strengthening the law from a consumer and privacy protection standpoint,” Assembly member Ed Chau, who chairs the committee and also cosponsored CCPA, told Wired in a statement.

Chau says the committee plans to “review and analyze all bills,”

“When it comes to tech in California, the balance is making sure we continue to have an environment that fosters creativity and innovation, while … fighting to have the proper amount of consumer protection and privacy that any of us … would want,” said Ian Calderon, California Assembly majority leader.

“The law may not be