Photo of Brian Anderson

Brian Anderson is a Partner in Sheppard Mullin’s San Francisco office. He is Team Leader of the firm’s Advertising Team and Technology Transactions Team.

The California attorney general has released draft regulations for CCPA, giving companies further guidance on a variety of topics. The regulations are in draft, and comments are due to the attorney general’s office by December 6, 2019. The AGs office will also be holding a series of hearings across the state, on December 2 (Sacramento), 3 (Los Angeles), 4 (San Francisco), and 5 (Fresno). Among the many items that companies will be examining in more detail in the coming days, the regulations provide details about how to verify consumers and the need for website accessibility in the provision of notices. The proposal also calls on companies to acknowledge access and deletion requests within 10 days of receipt of such a request.
Continue Reading Proposed CCPA Regs Released, Comments Due Dec. 6

California legislators have passed many bills to amend the California Consumer Protection Act since the law was passed. Last week there was significant developments in the status of those bills, as we reported. In addition to dropping the concept of a private right of action for non-breach matters, there are other key things to keep in mind. Some are good news for corporations, but some pending bills that would have helped clarify the law are not moving forward. On the pro-business side, employers and businesses that focus on handling employee data will be happy to learn of the revised definition to consumers. On the pro-consumer side, however, a bill was withdrawn that would have allowed the sharing of unique consumer identifiers for marketing purposes without being considered a “sale,” drawing a chorus of “shucks” from businesses alike. Keep reading for the details.
Continue Reading Like a Butterfly, Will the CCPA Continue to Evolve?

In response to the concern of many that the definition of consumer is so broad as to cover employees, a bill has been introduced in California to exclude employees from the scope of CCPA. As those who have been following CCPA are aware, the definition of “consumer” is extremely broad. Under the proposal, amended on March 25 of this year, the definition would specifically exclude from the definition information collected by a business “in the course of a person acting as a job applicant,” employee, contractor, or agent of the business. The carve-out goes on to clarify that this would hold true only if the individual’s information is used “for purposes compatible with the context” in which they gave it to the company.
Continue Reading Will CCPA’s Definition of Consumer Be Narrowed?

As the first month of 2019 comes to a close, it is clear that this year will be another busy one in the world of privacy. To help get a handle on what to worry about this year, it is helpful to look back on the privacy developments from 2018 and consider what will be recurring or new themes in the year to come. To help on this front, we have put together our comprehensive “year in review” bulletin. In this document, we’ve included all of the developments we reported on in 2018, in one handy spot. You can view the summary here. There were many themes that emerged, from biometrics to targeting, breach laws to breach enforcement, 2018 was a busy year in privacy. We expect 2019 to be equally packed with privacy developments.
Continue Reading Year In Review: Eye on Privacy 2018

Everyone who has been paying attention to privacy news knows that January 1, 2020 is the implementation date of the California Consumer Protection Act, and July 1, 2020 is the current deadline for enforcement to begin. July 2020 is also the current deadline for the California AG to implement regulations under CCPA. Read more about the law in our blog post from last year. What should companies do over the coming months to get ready for what looks like a sweeping new set of requirements? Two big ones: keep a 12 month look-back of data processing activities and take stock of what you collect and how you use it. Over the coming months you will also want to look at how you might handle rights requests, and take the CCPA into account for your 2019 and 2020 budgeting. This graphic can help you communicate the importance of CCPA to internal stakeholders.
Continue Reading 2019 is the Year of . . . CCPA?

As has been widely reported, California’s new privacy regime entitled the California Consumer Privacy Act of 2018, or CCPA, is set to come into effect on January 1, 2020. The law constitutes an expansion beyond California’s existing privacy laws, in particular California’s existing Shine the Light Law and the California Online Privacy Protection Act. Various provisions of the new law will apply to businesses with annual total revenue greater than $25 million (not just in California), that obtain or share for commercial purposes the personal information of 50,000 or more, or that get 50% or more of their revenue from selling or sharing PII. The law was passed quickly to avoid a similar voter-initiative ballot measure, and as a result has several ambiguities and apparent inconsistencies. It is therefore very likely that the law will be changed by amendment, and clarified through rules and regulations, before it comes into effect in 2020. 
Continue Reading The California Consumer Privacy Law (CCPA) Is Coming: What Should Your Company Do Now?