Tag Archives: CCPA

Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action

By Gerard Stegmaier, Sarah Bruno, Mark Quist, Hubert Zanczak and Stuart Cobb on Posted in Privacy & Data Protection
Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of … Continue Reading

California amends CCPA and clarifies rulemaking deadline

By Sarah Bruno, Bart Huffman, Christian Blair and Hubert Zanczak on Posted in Data & Cyber Security
On October 5, 2021, California Governor Gavin Newsom signed into law amendments to the California Consumer Privacy Act (CCPA) via Assembly Bill 694. Businesses are eagerly awaiting clarification on many aspects of the CCPA and the California Privacy Rights Act (CPRA) (the CPRA is set to go into effect on January 1, 2023, with a 12-month look-back … Continue Reading

CPRA: The next frontier in (California) privacy

By Sarah Bruno, Divonne Smoyer and Alexis Cocco on Posted in Privacy & Data Protection
Before the dust has even settled on many California Consumer Privacy Act (CCPA) compliance projects, California voters have welcomed the future of privacy by overwhelmingly approving Proposition 24: The California Privacy Rights Act (CPRA).  Building off of the CCPA framework, the CPRA expands the rights of California consumers, adds new responsibilities for both business and … Continue Reading

Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

By Jason Gordon, Sarah Bruno, Alexis Cocco and Erika Auger on Posted in Privacy & Data Protection, Regulatory
Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong. In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 … Continue Reading

The wait is over: Final CCPA regulations have been submitted

By Sarah Bruno, Casey Perrino and Alexis Cocco on Posted in Privacy & Data Protection
After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, … Continue Reading

A legal outlook on the three most common barriers to upgrading archiving technology

By Anthony Diana and Therese Craparo on Posted in Information Governance, Regulatory
Modern businesses have a more global reach than ever before. Technology has fundamentally changed the way employees work, communicate and collaborate. While global connectivity offers businesses opportunities, it also creates substantial challenges when it comes to archiving communications. Earlier this month, we co-hosted a thought leadership event in New York City with Smarsh, a multinational … Continue Reading

CCPA litigation is here: putative class action filed for alleged notice and collection violations

By Sarah Bruno, Alexis Cocco and Casey Perrino on Posted in In the Courts, Privacy & Data Protection
Although the California Consumer Privacy Act (CCPA) specifically precludes private lawsuits except for those resulting from certain data breaches, that has not stopped at least one plaintiff from bringing a putative class action based on an alleged CCPA violation. A proposed class action was filed on February 27, 2020, in the Southern District of California … Continue Reading

The growth of Adtech and how it falls into privacy laws’ crosshairs

By Sarah Bruno and Casey Perrino on Posted in Privacy & Data Protection, Regulatory
The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry.  The Adtech industry has struggled with privacy regulations, including the CCPA, but it … Continue Reading

California legislature proposes ‘urgency statute’ to revise CCPA’s health care and research exemptions

By Kimberly Gold and Alexis Cocco on Posted in Privacy & Data Protection, Regulatory
As currently drafted, the California Consumer Privacy Act (“CCPA”) leaves many questions unresolved regarding how the law applies to data collected and used in the health care and life sciences industries, particularly in the research context. Clinical research sponsors and other industry participants have raised concerns about how the CCPA may impede care delivery and … Continue Reading

Wisconsin representative proposes “groundbreaking” data privacy law modeled after GDPR, including statutory penalties up to $20 million or 4 percent of total annual revenue

By Mark Quist, Alexis Cocco and Paul Connell on Posted in Privacy & Data Protection, Regulatory
A trio of consumer data privacy bills modeled after Europe’s General Data Protection Regulation (GDPR) has been introduced in the Wisconsin State Assembly. The three bills, collectively dubbed the Wisconsin Data Privacy Act (WDPA), were sponsored by Republican State Representative Shannon Zimmerman, who is seeking to make Wisconsin “the most consumer-friendly state in our nation … Continue Reading

2020 could be a monumental year for adtech

By Elle Todd, Keri S. Bruce and Sarah Bruno on Posted in Cookies, Tracking & Online Behavioral Advertising, Data & Cyber Security, Privacy & Data Protection, Regulatory
With the California Consumer Privacy Act (CCPA) coming into effect on January 1 and the announcement on 14 January from Google that it will be phasing out third party cookies within the next two years, it seems that 2020 will be a significant year for the adtech industry as industry players react with solutions and … Continue Reading

New year, new laws: Washington re-introduces comprehensive privacy act among flurry of 2020 consumer privacy bills

By Kimberly Gold, Sarah Bruno and Jim Barbuto on Posted in Privacy & Data Protection
Washington state’s lawmakers started the 2020 legislative session with a renewed focus on consumer privacy through the introduction of ten privacy-related bills across the state House and Senate on January 13. Chief among these proposals was the comprehensive Washington Privacy Act (WPA), a new version of which was re-introduced in the Senate after the previous … Continue Reading

Proposed CCPA amendment would provide significant clarity to health care and life sciences companies

By Alexis Cocco and Kimberly Gold on Posted in Privacy & Data Protection, Regulatory
Despite intensive lobbying from industry groups, multiple amendments before its effective date, and extensive proposed regulations from the California attorney general, the California Consumer Privacy Act (CCPA) went into effect earlier this month with still many questions left unanswered: What compromises will be made regarding employee and business-to-business data? Will there be further insight into … Continue Reading

The EU-U.S. Privacy Shield: feedback, and potential EU recognition of privacy laws of California and other U.S. states?

By Katalina Bateman, Alexis Cocco and Karen Lee Lust on Posted in Global Data Transfers
Background On October 23, 2019, the European Commission (EC) released its report on a third annual review of the EU-U.S. Privacy Shield. While the report confirms that the U.S. continues to provide an adequate level of protection for personal data transfers in the context of the Privacy Shield, there are some gaps between the expectations … Continue Reading

Biometric privacy: The year in review and looking toward 2020

By Kimberly Gold, Michael Galibois, Jim Barbuto and Noelle Klockner on Posted in Privacy & Data Protection
2019 signalled significant growth in both regulatory focus and litigation involving biometric privacy. The passage of the California Consumer Privacy Act (CCPA), the addition of biometrics to numerous state data breach notification laws (including New York), and continued class action lawsuits emanating from Illinois’ Biometric Information Privacy Act (BIPA) made biometrics a trend line in … Continue Reading

IAB issues CCPA compliance framework for public comment

By Keri S. Bruce and Gerard Stegmaier on Posted in Privacy & Data Protection, Regulatory, Social, Mobile, Analytics & Cloud (SMAC)
Given the vast challenges California’s sweeping new privacy law, the California Consumer Privacy Act (CCPA), poses for digital marketing, the Interactive Advertising Bureau (IAB) released for public comment a draft of its proposed Compliance Framework for Publishers & Technology Companies (the Framework) on October 22. “Selling” and CCPA challenges for digital. Those who have been … Continue Reading

Uncertainty hangs over the life sciences and healthcare industries in draft regulations of The California Consumer Privacy Act

By Catherine David, Brad Rostolsky, Kimberly Gold and Alexis Cocco on Posted in Privacy & Data Protection, Regulatory
On October 10th, the Attorney General of California, Xavier Becerra, delivered the highly anticipated text of the proposed California Consumer Privacy Act (CCPA) regulations. However, untouched and unexplained were the Health Insurance Portability and Accountability Act, California Medical Information Act, and clinical research exemptions. The industry has and will continue to grapple with these exemptions, which … Continue Reading

California attorney general issues draft CCPA regulations

By Kimberly Gold, Bart Huffman, Samuel F. Cullari, Aaron Lancaster, Wendell Bartnick and Alexis Cocco on Posted in Privacy & Data Protection, Regulatory
On October 10, 2019, California Attorney General Xavier Becerra issued proposed regulations implementing and interpreting the California Consumer Privacy Act (CCPA). The draft regulations address privacy policies, consumer notices, practices for handling consumer requests, ways to verify consumer requests, requirements regarding minors, and rules governing nondiscrimination practices. The regulations are currently in draft form, with … Continue Reading

A new California privacy initiative seeks to further bolster individual privacy rights

By Kimberly Gold, Gerard Stegmaier, Alexis Cocco, Jacqueline Lefebvre and Taber Rueter on Posted in Privacy & Data Protection, Regulatory
Another potentially groundbreaking California ballot initiative has been announced, just as companies began to digest and incorporate the amendments to the California Consumer Privacy Act (CCPA) into their compliance plans and learned the draft CCPA regulations will be issued by the California Attorney General in October. Last week, the primary advocate for and co-architect of … Continue Reading

Last minute amendments likely finalize CCPA language for January 1 deadline.

By Bart Huffman, Gerard Stegmaier, Wendell Bartnick and Alexis Cocco on Posted in Privacy & Data Protection, Regulatory
Late last week, the California legislature approved five bills intended to clarify the scope and required compliance obligations of the California Consumer Privacy Act (CCPA or the Act). Organizations now have just over three months to determine whether they need to comply with the newly amended CCPA, assess what their obligations are, and implement the … Continue Reading

The facial scan that launched a thousand laws: biometric privacy legislation trend continues to grow nationwide

By Kimberly Gold, Michael Galibois and Jim Barbuto on Posted in Privacy & Data Protection
Many states are following in the footsteps of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to an increase in the volume of class action privacy litigation and highlighted the importance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that collect and use biometric … Continue Reading

What businesses should know about the upcoming CCPA rulemaking

By Gerard Stegmaier and Mark Quist on Posted in Privacy & Data Protection
With barely half a year until the California Consumer Privacy Act (CCPA) takes effect in January 2020, the landmark privacy law is in a state of flux. The already-amended landmark law is likely to face further rounds of revision, and the California Attorney General is required to hammer out many key compliance requirements through an … Continue Reading

California lawmakers propose new CCPA amendments that address major concerns of the business community while preserving the privacy law

By Xiaoyan Zhang, Gerard Stegmaier and Kimberly Gold on Posted in Privacy & Data Protection
Last week, the California Assembly’s Committee on Privacy and Consumer Protection, which exercises jurisdiction over privacy and personal information protection matters, approved several amendment bills intended to clarify and narrow the scope of the California Consumer Privacy Act (CCPA or the Act). In January 2020, the CCPA will impose landmark burdens and obligations on businesses … Continue Reading
LexBlog