Comments to the final California Consumer Privacy Act regulations asked if the CCPA carve-out regarding the Gramm-Leach-Bliley Act (GLBA), the data protection law governing US financial institutions, applies to:

  1. Financial institutions under GLBA
  2. Service providers that must comply with GLBA
  3. Sources of information that are subject to GLBA

The California Attorney General’s Answer:

The California Privacy Rights Act (CPRA) is going on the November ballot and, if passed, will bring California data protection law closer to the European Union’s General Data Protection Regulation (GDPR), implementing concepts such as:

  • data minimization
  • retention limitation
  • sensitive information limitation
  • data protection risk assessments; and
  • strong buttoning down of downstream service providers

This

On the first day the California Consumer Privacy Act became enforceable, California Attorney General Xavier Becerra issued the following public statement:

“Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America. We encourage every Californian to know their rights to internet privacy and every business to know

The California Privacy Rights Act (CPRA) is on its way (if approved by voters in November), but what does this mean for you?

  • First: Assess your core California Consumer Privacy Act (CCPA) compliance; enforcement starts tomorrow, July 1, 2020.
  • Second: Look beyond the consumer facing CCPA “must haves” and button down other CCPA

For companies scrambling to button up their California Consumer Privacy Act (CCPA) compliance by the July 1 enforcement date, some news out of the state capital of Sacramento:

Per a memorandum issued June 24, 2020 by the California Secretary of State, the California Privacy Rights Act (CPRA), often dubbed “CCPA 2.0”, has collected a sufficient

Key takeaways from my recent presentation titled “Service Providers v. Data Processors: What Should Your Agreement Address?” with Lexology and Exterra.

  • As the “business,” the “buck stops with you” as it relates to liability to the individual regarding processing their data.
  • Between you and your service provider/data processor, you can and should impose liability for

A few highlights from the final CCPA regulations:

Service providers:

Per the California Attorney General’s Final Statement of Reasons, a service provider that processes information in breach of the provisions of the agreement between the “business” and such service provider is subject to direct enforcement by the Attorney General, even if the business is not

California Attorney General Xavier Becerra submitted final proposed regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).

Under Executive Order N-40-20 related to the COVID-19 pandemic, OAL has 30 working days and an additional 60 calendar days to determine whether the regulations satisfy the procedural requirements of the

The IAPP — International Association of Privacy Professionals — offers its take on the top 10 impactful provisions of the California Privacy Rights Act ballot initiative.

  • Sensitive information obligations
  • New enforcement authority
  • Expanded data breach definition
  • Audits and risk assessment for high risk processing
  • Restrictions on automated processing and profiling
  • Right to rectification
  • Opt-in and