CCPA

Subscribe to CCPA

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

The International Association of Privacy Professionals (IAPP) has put together a helpful tracker of CCPA amendments.

There are currently five amendments in play, including amending the definition of de-identification and extending the employee and B2B carve outs until January 2022 if the California Privacy Rights Act (CPRA), which is on the CA ballot, doesn’t pass.

CCPA Regulations

Comments to the final California Consumer Privacy Act regulations asked if the  CCPA carve-out regarding the Gramm Leach Bliley Act (GLBA), the data protection law governing US financial institutions, applies to:

  1. Financial institutions under GLBA
  2. Service providers that must comply with GLBA
  3. Sources of information that are subject to GLBA
The California Attorney General’s Answer:

shutterstock_1048545287

The California Privacy Rights Act (CPRA) is going on the November ballot and, if passed, will bring California data protection law closer to the European Union’s General Data Protection Reguation (GDPR), implementing concepts such as:

  • data minimization
  • retention limitation
  • sensitive information limitation
  • data protection risk assessments; and
  • strong buttoning down of downstream service providers

This

On the first day the California Consumer Privacy Act became enforceable, California Attorney General Xavier Becerra issued the following public statement:

“Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America. We encourage every Californians to know their rights to internet privacy and every business to know

CCPA Regulations

The California Privacy Rights Act (CPRA) is on its way (if approved by voters in November), but what does this mean for you?

  •  First: Assess your core California Consumer Privacy Act (CCPA) compliance, enforcement starts tomorrow. July 1, 2020.
  • Second: Look beyond the consumer facing CCPA “must haves” and button down other CCPA

shutterstock_1048545287

For companies scrambling to button up their California Consumer Privacy Act (CCPA) compliance by the July 1 enforcement date,  some news out of the state capital of Sacramento:

Per a memorandum issued June 24, 2020 by the California Secretary of State, the California Privacy Rights Act (CPRA), often dubbed “CCPA 2.0”, has collected a sufficient

GDPR CCPA Privacy Vendors

Key takeaways from my recent presentation titled “Service Providers v. Data Processors: What Should Your Agreement Address?”  with Lexology and Exterra.

  • As the “business,” the “buck stops with you” as it relates to liability to the individual regarding processing their data.
  • Between you and your service provider/data processor, you can and should impose liability for

CCPA Regulations

A few highlights from the final CCPA regulations:

Service providers:

Per the California Attorney General’s Final Statement of Reasons, a service provider that processes information in breach of the provisions of the agreement between the “business” and such service provider is subject to direct enforcement by the Attorney General, even if the business is not