“Companies doing business in California may face a heightened risk of litigation when the state’s new privacy law takes effect in January, litigation and privacy attorneys say,” reports Bloomberg’s Sara Merken.

“The California Consumer Privacy Act clears the way for state residents to sue companies for data breaches involving certain information, if a company fails

A new study estimates the costs of California Consumer Privacy Act (CCPA) compliance:

“California’s new privacy law could cost companies a total of up to $55 billion in initial compliance costs, according to an economic impact assessment prepared for the state attorney general’s office by an independent research firm.”

“On the low end, the researchers

The California Attorney General has issued long-awaited draft regulations for the California Consumer Privacy Act (CCPA), which is scheduled to take effect in 2020.

High level takeaways:
  • Big emphasis on disclosure and transparency: both format and content of the privacy notices.
  • Separation between the privacy notice for “at or before collection of information” and the

A local  Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA:

  • The right of access under GDPR is a comprehensive right concerning the stored or processed personal data.
  • It includes all data, such as

CCPA applies to Small-to-Medium-Sized Enterprises, and they face unique challenges.

SMEs surveyed by the IAPP – International Association of Privacy Professionals stated that even if they “do not meet the CCPA’s definition of a ‘business,” their clients and customers will require them to sign contracts attesting to CCPA compliance.

Many have already faced such demands.

“Companies need to be vigilant as they set up their consumer response processes. This ‘verified consumer’ part is no small thing. It requires a robust commitment to accurately sourcing your verification data, skill in identifying dubious requests, and some healthy skepticism wouldn’t hurt. The emphasis now is to bend over backward to help consumers to

CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer Privacy Act (CCPA).

Key recommendations from the white paper:

  • Consider contract language that prevents third-parties from selling personal information sold to them unless

The International Organization for Standardization (ISO) published a standard for company’s to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

Some basics about how the California Consumer Privacy Act applies to selling children’s personal information:

  • Businesses subject to CCPA cannot sell the personal information of consumers who are 16 years old or younger without prior authorization.
  • If the minor is less than 13 years old, the businesses must obtain authorization from a parent or guardian.