There have been seminal events in the cybersecurity space since 2012, but there has likely been no event in recent times bigger than the SolarWinds attack which was first announced in December 2020. Though it likely had “nation-state” origins, the SolarWinds attack raised a number of serious issues for US companies and indeed the US
While the United States largely hit the brakes as of March in the wake of the COVID-19 crisis, California Attorney General Xavier Becerra made clear his intentions to begin enforcement of the Act on July 1, 2020, as originally planned. This announcement came despite many organizations’ pleas to defer enforcement in order to relieve the additional stress imposed on organizations as they respond to the COVID-19 crisis, and continue to work towards ensuring their compliance with the CCPA. While Becerra has not yet published his final regulations on the Act, there are aspects of the regulations that we expect to be largely intact in their current form once the final regulations are out as a result of reviewing the three drafts General Becerra has already produced.
Continue Reading What We Can Expect from the CCPA Regulations
The rush for California to get all of the “rules of the road” ready for next year has seemed to cause a bit of confusion with California’s privacy law. Draft regulations were published the same day the Governor signed into law a series of amendments to the underlying law. It is all a bit confusing, However, now that the Governor has signed the last raft of amendments, and the dust has somewhat settled, the question on everyone’s mind is: What changed in the California Consumer Protection Act (“CCPA”)? How does this effect the draft regulations that the Attorney General published?
Fortunately, there are a number of significant changes which help clarify the CCPA, as well as materially change the scope of the CCPA – even if the AG didn’t include some of these changes into the initial draft regulations announced earlier this month. The most impactful changes across industries are as follows:
To start off, the issue of employee coverage under the CCPA has been a fractious one. On one hand, business has rightly claimed that the relationship with an employee is not the same as the relationship with a customer. On the other hand, privacy advocates have claimed that employees shouldn’t give up privacy rights just because they are employees.
Continue Reading CCPA Amendments – What did California Actually Do?
Those interested in keeping up with the latest news impacting the California Consumer Privacy Act have been heavily focused on AB 25, and its potential to exclude employees from the scope of the CCPA. In a marathon late-night session, the California Senate Judiciary Committee weighed in July 11 on various bills – including AB 25. An while AB 25 was part of the Committee debate, that amendment may actually make the bill less useful than first intended. Additionally, another bill made it out of committee which has the potential of a far greater impact than anyone seems to be noticing.
Continue Reading CCPA Amendments – Employees and the Loyalty Program Change Nobody is Talking About
Cross-Posted from Carpe Datum Law Blog
Senate Bill 561, which would have generated even greater compliance challenges and litigation risk for businesses, has been held in committee and placed on suspense. This development effectively prevents the bill from advancing for a vote and is a bit of CCPA good news for businesses. It also serves…
In prior posts, we’ve commented on the California Consumer Privacy Act (“CCPA”), likening it, and its Texas ‘flavored’ variant(s), to ‘elephants in the room’. Here, we’ve opted to expand our coverage and talk about what we’re seeing other states do (or, let’s expand the elephant metaphor to: elephants, elephants everywhere.)
It seems that all of a sudden, consumer privacy is THE hot topic and everyone’s jumping on the CCPA bandwagon! Consumers have woken up to what is happening with their personal information and are demanding government protective action! These are sensationalist statements, to be true, but are they accurate statements? Well, as is usually the case it is a bit more nuanced and it is important to set some things straight.
Continue Reading 2019: Is This The Year of Consumer Privacy (or, Elephants, Elephants Everywhere)
Last year, the Federal Communications Commission (“FCC”) issued an update to its rules implementing the Telephone Consumer Protection Act of 1991 (“TCPA”). These changes became effective October 16th of this year. At its core, the TCPA requires consent (either express or implied) to make telemarketing calls. Now, the TCPA now requires prior express consent for the majority of telemarketing efforts. In addition, the “established business relationship” exception for calls to a residential landline has been eliminated. Finally, there are additional “opt-out” requirements for any pre-recorded messages. Considering the fact that the TCPA is functionally a “strict liability” statute with statutory damages of $500 to $1500 per violation, this isn’t something that one should ignore. It is too easy of a case for a bored plaintiff’s lawyer to make.
Continue Reading Recent Changes to Telephone Consumer Protection Act – the US is starting to look like the EU