In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year. (Its board voted to move regulations addressing data broker requirements to the Office of Administrative Law for review and approval last month.) Second, it announced an investigative sweep of compliance with the Act.Continue Reading California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?

In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry.Continue Reading California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments, and when they would be needed.Continue Reading California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?

In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely “any form of automated processing of personal information” to analyze or predict people’s work performance, health, and personal preferences, among other things.Continue Reading California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which we cover in this week’s California-focused blog posts:Continue Reading California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural data” to the definition of sensitive personal information. It follows Colorado, which added this information to its law earlier this year. Unlike Colorado, the modification will not go into effect until January 1, 2025. (Colorado’s amendment, on the other hand, became effective at the beginning of August.)Continue Reading California Joins Colorado in the Brain Wave Action

Earlier this month, the California Privacy Protection Agency (CPPA) issued its first-ever enforcement advisory (No. 2024-01). The advisory addresses what it calls the “foundational principle” of data minimization, and more specifically, as applied to the processing of consumer requests.Continue Reading The CPPA Signals Focus on Data Minimization and Consumer Requests

California recently passed a groundbreaking new law aimed at further regulating the data broker industry. California is already one of only three states (along with Oregon and Vermont) that require data brokers—businesses that collect and sell personal information from consumers with whom the business does not have a direct relationship—to meet certain registration requirements.Continue Reading California’s “Delete Act” Significantly Expands Requirements for Data Brokers

The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in connected cars that raise privacy concerns. These include location sharing and smartphone integration. Connected cars often also have cameras and web-based entertainment systems. These cars—and the technologies in them—may monitor people both in the car and outside of it. For many Californians, the car is part of their daily routines. Connected vehicles can effectively becoming a constant data generator.Continue Reading California Regulator Drives Inquiry into Vehicle Data