Californians took to the polls last week and decisively voted to approve Proposition 24, the California Privacy Rights Act, an amendment to the recently-enacted California Consumer Privacy Act (“CCPA”). The amendments to CCPA law are expected to strengthen protections to what is already the foremost data privacy law in the Country.
[Read More]CCPA regulations
CCPA Amendment Passes, Creating New HIPAA-related Exceptions
On September 25, 2020, California Governor Gavin Newsom signed AB 713 (the “Amendment”) into law, amending the California Consumer Privacy Act (“CCPA”) to implement exceptions related to consumer health data. Specifically, the CCPA amendment addresses inconsistencies between data protection afforded under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the CCPA, respectively. The Amendment took effect on September 30, 2020.
What does the CCPA Amendment cover?
[Read More]Clarifying the $25 Million Threshold in the Final CCPA Regulations
On August 14, 2020, the Office of Administrative Law (“OAL”) approved the California Department of Justice’s final California Consumer Privacy Act (“CCPA”) regulations and filed them with the California Secretary of State. Prior to approval, some businesses were uncertain as to whether the $25 million revenue threshold was related to revenue generated only from California State sales, California residents, or total global revenues. The California Attorney General’s Office has since clarified that limiting the threshold to revenue generated only in California or from California State residents would be inconsistent with the intended broad reach of the CCPA regulations.
What businesses are regulated by CCPA Regulations?
[Read More]CCPA 2.0 on California’s November Ballot
Although it feels just like yesterday that the California Consumer Privacy Act (“CCPA”) went into effect (it was January 1, 2020), California may be at it again. After securing 931,000 signatures from California State residents, the privacy-right activist group, Californians for Consumer Privacy, has qualified yet another privacy bill for the November 3, 2020 ballot. The California Privacy Rights Act (“CPRA”), which some are calling CCPA 2.0, would expand the privacy rights of Californians with enforcement set to begin on January 1, 2023.
What is CCPA 2.0?
[Read More]CCPA Enforcement has Begun
Although the California Consumer Privacy Act (“CCPA”) went into effect on January 1, 2020, the California Attorney General (“AG”) was prohibited from bringing enforcement actions until July 1, 2020. Due to the COVID-19 pandemic, some observers were unsure whether the AG would be able to meet the July 1st deadline. However, the AG is moving full speed ahead and has even denied businesses’ requests to delay the CCPA enforcement date due to COVID-19. Now, the AG has commenced enforcement action as planned, and businesses have already started to receive CCPA violation notices.
What should you do if you receive a CCPA violation notice?
[Read More]Final CCPA Regulations Released
On June 1, 2020, the California Attorney General’s Office submitted the final text of California Consumer Privacy Act (“CCPA”) regulations to the Office of Administrative Law (“OAL”) for review. Typically, OAL has thirty (30) working days to determine whether regulations under its review satisfy the procedural requirements of the Administrative Procedure Act. The California State Attorney General has requested that OAL expedite its review and make the CCPA regulations effective on the same day that they are filed with the Secretary of State. It is uncertain at this time whether OAL will comply with the California State Attorney General’s request and enact the final CCPA regulations by the July 1, 2020 enforcement date.
When will the final CCPA Regulations take effect?
[Read More]Preparing CCPA Privacy Policies Before the July 1 Enforcement Date
Despite the myriad issues that businesses now face with the Covid-19 pandemic, the California State Attorney General remains committed to the California Consumer Privacy Act (“CCPA”) enforcement date of July 1, 2020. As such, businesses that have not already done so should add CCPA compliance to their immediate to-do lists. One area of compliance that requires attention is online privacy policies that include CCPA-mandated provisions (“CCPA Privacy Policies”). Since the proposed CCPA regulations were first released to the public on October 11, 2019, the California State Attorney General’s Office has released two (2) modifications thereto. Those modifications have, in turn, necessitated changes to companies’ CCPA Privacy Policies. Businesses must, among other things, update their online privacy policies to ensure that they include CCPA-required disclosures and the associated menu of consumer options.
What is required of CCPA Privacy Policies?
[Read More]CCPA Record Keeping Requirements
Despite the ongoing Covid-19 pandemic, the California Consumer Privacy Act (“CCPA”) enforcement date remains set at July 1, 2020. Readers of this blog know that we have been providing frequent updates on all things CCPA. In this post, we take a deep dive into the record keeping requirements contained in the CCPA.
What are the CCPA record keeping requirements?