The California Privacy Protection Agency (CPPA) Board recently met and unanimously voted to finalize the proposed final CPRA regulations. This approved version was first released in January and updated those released in November 2022. Along with the proposed final CPRA regulations, the CPPA published a draft final statement of reasons and appendices containing responses to the comments received during the public comment periods. Continue Reading CPRA Update: Moving Toward Finalization

As many are aware, the CPRA regulations are currently in draft status and may continue in that state until April, despite the law’s January 1 effective date. This could result in regulations being in final form after the July 1 date that the California Privacy Protection Agency (CPPPA) has signaled that it will begin enforcement. Last week, during a Dec. 16 CPPA board meeting, the agency’s executive director indicated that the final rules will likely be released at the end of January. Although there will then be a comment period, the director indicated that the agency does not currently anticipate making further revisions to the draft regulations. Continue Reading How To Handle CPRA Regulations Delay

Companies subject to California’s Consumer Privacy Act (CCPA) may soon need to figure out how to scale their privacy compliance programs to include employee and B2B information. The current exemptions that exist for most of the law’s requirements to this type of information are set to expire January 1, 2023.Continue Reading CCPA May Soon Apply to Employee and B2B Information

As we pass the half-way mark of 2022, many are reflecting on their privacy compliance progress. One area that seems to be a constant battle is training. How much is needed? What kind of training? What are expectations from regulators around training?Continue Reading Privacy and Cybersecurity Training: Addressing Regulatory Concerns

In this third post of our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on contractual requirements. (Visit here for information about collection and notice under the draft regulations, and here for information about choice.)Continue Reading What Should We Do About the Draft CPRA Regulations?: Contracts

The California AG recently issued an opinion interpreting the scope of information that should be provided to consumers in an access request. In responding to access requests, companies must provide a list of all personal information that it has about that consumer. The AG opinion clarifies that inferences a company draws from personal information should be included in such a response.
Continue Reading In First CCPA “Opinion”, California AG Clarifies Scope of Access Requests

Did your business receive a letter from the California Attorney General’s office about your loyalty program? You are not alone. The California AG celebrated Data Privacy Day last month by announcing that his office had conducted an “investigative sweep” of business operating loyalty programs in California. His office then sent out notices of non-compliance to several loyalty program operators.

Continue Reading California AG Takes Aim At Customer Loyalty Programs

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in September and due by November 8. The public feedback totals nearly 900 pages. It includes comments from various companies, industry associations, and other interested parties.
Continue Reading California Publishes Initial Public Comments to CPRA