California has once again decided it needed to pass privacy legislation to protect the residents of the great state from the nefarious actions of Big Tech. However, this time they did it with a ballot initiative and not via the thoughtful (mostly) mechanism of the legislative process. The proponents of the California Privacy Rights Act of 2020 (“CPRA”) touted this as an improvement over the CCPA – but is it really? To listen to the proponents of the CPRA, it aims to strengthen California consumer privacy rights, while for the most part, avoiding the imposition of overly-burdensome requirements on a business, particularly those businesses that are already CCPA compliant. So, what’s changed, really?
Continue Reading California Prop 24 – Is the New Privacy Law Really New (Or Is the Sky Falling)
The CCPA Regulations Are Finally Here
Monday, California Attorney General Xavier Becerra submitted of the Final Regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). Under the California Administrative Procedure Act (APA), the OAL has 30 business days plus 60 calendar days (due to a COVID-related executive order) to determine whether the regulations meet the requirements of the APA. This final submission comes after various public forums, hearings, commentary, and revisions to the regulations.
Continue Reading The CCPA Regulations Are Finally Here
US Senators Propose COVID-19 Consumer Data Protection Act
At the beginning of 2020, a Federal privacy law, similar to that of GDPR or PIPEDA, was a faint and distant reality. However, in light of some mobile device and other monitoring being considered because of the COVID-19 pandemic, US Senators Roger Wicker (R-Miss.), chairman of the Senate Committee on Commerce, Science, and Transportation; John
What We Can Expect from the CCPA Regulations
While the United States largely hit the brakes as of March in the wake of the COVID-19 crisis, California Attorney General Xavier Becerra made clear his intentions to begin enforcement of the Act on July 1, 2020, as originally planned. This announcement came despite many organizations’ pleas to defer enforcement in order to relieve the additional stress imposed on organizations as they respond to the COVID-19 crisis, and continue to work towards ensuring their compliance with the CCPA. While Becerra has not yet published his final regulations on the Act, there are aspects of the regulations that we expect to be largely intact in their current form once the final regulations are out as a result of reviewing the three drafts General Becerra has already produced.
Continue Reading What We Can Expect from the CCPA Regulations
Protect Your People: Newest Workday Scam Reroutes Employee Direct Deposit Funds
Cross-posted from Carpe Datum Law
Another week, another well-concocted phishing scam. The most recent fraudulent activity targeted businesses that use Workday, though this is not a breach or vulnerability in Workday itself. Specifically, the attack involves a well-crafted spam email that is sent to employees purporting to be from the CFO, CEO, or Head of
China Finalizes New Cyber Security Law
Cross Posted from Carpe Datum Law.
China has finalized a broad new Cyber Security Law, its first comprehensive data privacy and security regulation. It addresses specific privacy rights previously adopted in the European Union and elsewhere such as access, data retention, breach notification, mobile privacy, online fraud and protection of minors.
There is plenty in the new law to irritate international businesses operating in China. It requires in general that Chinese citizens’ data be stored only in China, for starters, possibly requiring global corporations to maintain separate IT systems for Chinese data. Most of the privacy enhancements benefiting citizens align with those required in the European Union, but it is unclear how the Chinese will expect compliance, particularly since, as with many Chinese laws, its language is vague as to its scope, application and details. This vagueness leaves interpretation to the State Council, the chief administrative authority in China, headed by Premier Li Keqiang.
The law expands Chinese authorities’ power to investigate even within a corporation’s Chinese data systems, and provides for draconian penalties for non-compliance by business entities or responsible individuals include warnings, rectification orders, fines, confiscation of illegal gains, suspension of business operations or the revocation of the entity’s business license.
Continue Reading China Finalizes New Cyber Security Law