The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in September and due by November 8. The public feedback totals nearly 900 pages. It includes comments from various companies, industry associations, and other interested parties.

Continue Reading California Publishes Initial Public Comments to CPRA

California recently passed AB 694, which makes a few “technical” changes to the California Privacy Rights Act (CPRA). Importantly, this amendment clarifies the timing for the new California Privacy Protection Agency’s (CPPA) rulemaking authority.

Continue Reading California Bill Clarifies Timing for CPRA Rulemaking Authority

California’s new privacy protection agency recently issued an invitation for public comments as part of its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). Introduced and passed by ballot initiative in November 2020, CPRA amends and introduces several new concepts to CCPA.

Continue Reading California’s New Privacy Agency Seeks Feedback on CPRA

The California attorney general has created a tool for consumers to report situations where companies sell information but do not have an opt-out of sale link on their website. The release of the tool came at the same time as the AG’s update on its CCPA enforcement actions. In that update, the AG highlighted one of the most common problems it had found: not having appropriate disclosures around “sales.”

Continue Reading AG Implements Tool to Allow Consumer Reporting of Alleged DNS Violations

On March 15, 2021, the California Office of Administrative Law (“OAL”) approved additional regulations to the CCPA. These regulations were originally proposed at the end of 2020 (which we covered here).  The changes are effective immediately. The modifications largely focus on (1) changes impacting those companies that “sell” information, and (2) the verification process for rights requests made by authorized agents.
Continue Reading Changes to CCPA Regulations are Approved and in Effect

Throughout 2020, companies have been negotiating with their business partners the issue of “selling” under CCPA. Is the partner a service provider? A third party? Is there an exchange of consideration? These issues will not likely go away in 2021, especially as we turn to addressing the CCPA modification, CPRA.
Continue Reading 2020 In Review: Exchanging Data With Business Partners

As 2020 draws to a close and we approach CCPA’s first birthday, the regulations continue to remain very much in “infant” mode. On December 10, 2020, the California Attorney General released a fourth set of proposed regulations. This is the second set of proposed changes released since the regulations went into effect in August 2020. Companies have until December 28, 2020 to submit comments to the AG on the modifications.
Continue Reading The Button is Back! Fourth Set of Modifications to CCPA Regulations Released

By ballot initiative, California residents recently approved Proposition 24, or the California Privacy Rights Act (CPRA), with approximately 56 percent voting in favor. CPRA significantly amends the CCPA by expanding individual rights, introducing new GDPR-style governance measures, and establishing a new enforcement agency (among other things). Importantly, CPRA does not replace or repeal CCPA, but rather augments it.  Further, no new private right of action will be added by CPRA.  The substantive provisions of CPRA do not take effect until January 1, 2023.
Continue Reading The CCPA Wheels Keep Turning: The Addition of CPRA

The California Attorney General recently released a third set of proposed modifications to the CCPA regulations. As we previously covered, the CCPA regulations were approved and went into effect on August 14, 2020. Many companies will likely be frustrated by the fact that new changes have been proposed again, just two months after the final version was approved. Companies have until October 28, 2020 to submit comments to the AG on the modifications.
Continue Reading Will CCPA Regulation Change Again?: Comment Deadline Looming

An amendment to the CCPA recently passed through the legislature, adding some much needed clarity to HIPAA-regulated entities, research institutions and other life science and medical device companies. CCPA in its current form left open uncertainty for business associates, de-identified information, and information collected in the course of medical research. AB 713 helps clarify certain exemptions and applicability of CCPA to organizations in the health and research space.
Continue Reading CCPA Amendment Adds Needed Clarity for Medical & Research Community