In this third post of our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on contractual requirements. (Visit here for information about collection and notice under the draft regulations, and here for information about choice.)

Continue Reading What Should We Do About the Draft CPRA Regulations?: Contracts

The California AG recently issued an opinion interpreting the scope of information that should be provided to consumers in an access request. In responding to access requests, companies must provide a list of all personal information that it has about that consumer. The AG opinion clarifies that inferences a company draws from personal information should be included in such a response.
Continue Reading In First CCPA “Opinion”, California AG Clarifies Scope of Access Requests

Did your business receive a letter from the California Attorney General’s office about your loyalty program? You are not alone. The California AG celebrated Data Privacy Day last month by announcing that his office had conducted an “investigative sweep” of business operating loyalty programs in California. His office then sent out notices of non-compliance to several loyalty program operators.


Continue Reading California AG Takes Aim At Customer Loyalty Programs

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in September and due by November 8. The public feedback totals nearly 900 pages. It includes comments from various companies, industry associations, and other interested parties.

Continue Reading California Publishes Initial Public Comments to CPRA

California recently passed AB 694, which makes a few “technical” changes to the California Privacy Rights Act (CPRA). Importantly, this amendment clarifies the timing for the new California Privacy Protection Agency’s (CPPA) rulemaking authority.

Continue Reading California Bill Clarifies Timing for CPRA Rulemaking Authority

California’s new privacy protection agency recently issued an invitation for public comments as part of its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). Introduced and passed by ballot initiative in November 2020, CPRA amends and introduces several new concepts to CCPA.

Continue Reading California’s New Privacy Agency Seeks Feedback on CPRA

The California attorney general has created a tool for consumers to report situations where companies sell information but do not have an opt-out of sale link on their website. The release of the tool came at the same time as the AG’s update on its CCPA enforcement actions. In that update, the AG highlighted one of the most common problems it had found: not having appropriate disclosures around “sales.”

Continue Reading AG Implements Tool to Allow Consumer Reporting of Alleged DNS Violations

On March 15, 2021, the California Office of Administrative Law (“OAL”) approved additional regulations to the CCPA. These regulations were originally proposed at the end of 2020 (which we covered here).  The changes are effective immediately. The modifications largely focus on (1) changes impacting those companies that “sell” information, and (2) the verification process for rights requests made by authorized agents.
Continue Reading Changes to CCPA Regulations are Approved and in Effect

Throughout 2020, companies have been negotiating with their business partners the issue of “selling” under CCPA. Is the partner a service provider? A third party? Is there an exchange of consideration? These issues will not likely go away in 2021, especially as we turn to addressing the CCPA modification, CPRA.
Continue Reading 2020 In Review: Exchanging Data With Business Partners