CCPA

California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?

By Liisa Thomas, Kathryn Smith & James O'Reilly* on December 13, 2024

Posted in California Privacy, CCPA, Data Broker, US Privacy

In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year. (Its board voted to move regulations addressing data broker requirements to the Office of Administrative Law for review and approval last month.) Second, it announced an investigative sweep of compliance with the Act.Continue Reading California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?

California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

By Liisa Thomas, Kathryn Smith & James O'Reilly* on December 12, 2024

Posted in California Privacy, CCPA, Cybersecurity, Insurance Privacy, US Privacy

In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry.Continue Reading California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?

By Liisa Thomas, Kathryn Smith & James O'Reilly* on December 11, 2024

Posted in California Privacy, CCPA, Risk Assessments, US Privacy

In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments, and when they would be needed.Continue Reading California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?

California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

By Liisa Thomas, Kathryn Smith & James O'Reilly* on December 10, 2024

Posted in Automatic Decisionmaking, California Privacy, CCPA, US Privacy

In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely “any form of automated processing of personal information” to analyze or predict people’s work performance, health, and personal preferences, among other things.Continue Reading California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

By Liisa Thomas, Kathryn Smith & James O'Reilly* on December 9, 2024

Posted in Automatic Decisionmaking, California Privacy, CCPA, US Privacy

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which we cover in this week’s California-focused blog posts:Continue Reading California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

California Joins Colorado in the Brain Wave Action

By Liisa Thomas on October 1, 2024

Posted in California Privacy, CCPA, Health Privacy, US Privacy

California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural data” to the definition of sensitive personal information. It follows Colorado, which added this information to its law earlier this year. Unlike Colorado, the modification will not go into effect until January 1, 2025. (Colorado’s amendment, on the other hand, became effective at the beginning of August.)Continue Reading California Joins Colorado in the Brain Wave Action

The CPPA Signals Focus on Data Minimization and Consumer Requests

By Brittany Walter on April 25, 2024

Posted in California Privacy, CCPA, Data Minimization, US Privacy

Earlier this month, the California Privacy Protection Agency (CPPA) issued its first-ever enforcement advisory (No. 2024-01). The advisory addresses what it calls the “foundational principle” of data minimization, and more specifically, as applied to the processing of consumer requests.Continue Reading The CPPA Signals Focus on Data Minimization and Consumer Requests

California AG Turns on CCPA Investigation of Streaming Services

By Alyssa Sones on February 2, 2024

Posted in California Privacy, CCPA, US Privacy

To close out Data Privacy Week, California Attorney General Rob Bonta announced a new investigative sweep probing streaming apps’ and devices’ compliance with the California Consumer Privacy Act (CCPA).Continue Reading California AG Turns on CCPA Investigation of Streaming Services

CCPA Amendments Extend Protections to Reproductive Health and Citizenship Status

By Julia Kadish on October 27, 2023

Posted in California Privacy, CCPA, Health Privacy

Governor Newsom recently signed two amendments to the CCPA strengthening protections for certain data types. The changes go into effect January 1, 2024.Continue Reading CCPA Amendments Extend Protections to Reproductive Health and Citizenship Status

California’s “Delete Act” Significantly Expands Requirements for Data Brokers

By Brittany Walter on October 12, 2023

Posted in California Privacy, CCPA, Data Broker

California recently passed a groundbreaking new law aimed at further regulating the data broker industry. California is already one of only three states (along with Oregon and Vermont) that require data brokers—businesses that collect and sell personal information from consumers with whom the business does not have a direct relationship—to meet certain registration requirements.Continue Reading California’s “Delete Act” Significantly Expands Requirements for Data Brokers

California Regulator Drives Inquiry into Vehicle Data

By Liisa Thomas & Alyssa Sones on August 15, 2023

Posted in California Privacy, CCPA, Consumer Privacy, Telemetrics, US Privacy

The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in connected cars that raise privacy concerns. These include location sharing and smartphone integration. Connected cars often also have cameras and web-based entertainment systems. These cars—and the technologies in them—may monitor people both in the car and outside of it. For many Californians, the car is part of their daily routines. Connected vehicles can effectively becoming a constant data generator.Continue Reading California Regulator Drives Inquiry into Vehicle Data

Eye On Privacy