The California Privacy Protection Agency (CPPA) Board, created by the California Privacy Rights Act (CPRA), has been busy of late. As we recently reported, the CCPA has hired renowned privacy technologist Ashka Soltani as its new Executive Director to lead the agency. Meanwhile, the agency’s committees have been hard at work. The Regulations Subcommittee has
The California Privacy Protection Agency (CPPA) Board, created by the California Privacy Rights Act (CPRA), has been busy of late. As we recently reported, the CCPA has hired renowned privacy technologist Ashka Soltani as its new Executive Director to lead the agency. Meanwhile, the agency’s committees have been hard at work. The Regulations Subcommittee has proposed its framework for its rulemaking process. Notably, the subcommittee recommends an immediate start to pre-rulemaking activities such as issuing an invitation for comments, the creation of additional subcommittees, and the identification of informational hearing topics. A pre-rulemaking process gives the agency flexibility to hear from stakeholders outside of the formal and constrained process that will begin once the regulatory process officially commences. The framework also notes that the notice of proposed rulemaking, initial statement of reasons (ISOR), and text of the regulations should be published in winter 2021-2022, with public hearings taking place thereafter. This suggests that stakeholders have a short window of opportunity to take advantage of the pre-regulatory educational period. It will be interesting to see if the agency conducts the kind of “listening tour” the Office of Attorney General (OAG) went on across the Golden State by means of town halls prior to its California Consumer Privacy Act (CCPA) rulemaking process, or elects to spend its time in more intimate and concerted explorations.…
Continue Reading California Privacy Agency Moves Forward With Rulemaking Process
On July 19, the Office of the Attorney General of California (OAG) issued a press release summarizing its first year of CCPA enforcement. Seventy-five percent of companies receiving a notice to cure are said to have come into compliance within the 30-day cure period, with 25% reportedly still within that period or under ongoing investigation. The OAG also published summaries of 27 resolved exemplary cases. The OAG was careful to note that the summaries do not constitute advice and do not include all of the facts, however they do offer some insights. Disappointingly, however, the summaries often lack enough detail to allow readers to surmise the enforcement posture that was taken by the OAG, the exact nature of the alleged violations, or the specific actions taken by the company that satisfied the OAG’s inquiry.
With the stroke of his pen on July 7, Governor Jared Polis (D) signed the Colorado Privacy Act (CPA or Act) into law, making the Centennial State the third U.S. state to pass comprehensive consumer privacy legislation. The Act, passed by the legislature on June 8, is a combination of elements of California and Virginia…
The buzz surrounding non-fungible tokens (NFTs) reached a fever pitch with the US$69 million sale of an NFT by digital artist Beeple in March 2021. While artwork has remained the predominant use of NFTs – and generated a good deal of media hype along the way − companies across a variety of industries are coming up with new and innovative use cases for NFTs – and turning to our multidisciplinary global team for guidance in the uncharted territory surrounding these digital assets.
First: What Is an NFT?
NFTs are unique tokens based on blockchain technology. Unlike cryptocurrency tokens such as bitcoin, which are fungible, NFTs are digitally unique – no two NFTs are alike. The unique nature of NFTs, as well as the security and other advantageous features of blockchain technology, provide a number of unique benefits, including:
- Verification of ownership and authenticity
- Driving of value of digital assets through scarcity
- Built-in smart contracts for re-sale royalties for artists and other NFT creators
- Decentralization of digital asset ownership, management and transfers (in other words, independence from large platforms)
Continue Reading First CA Consumer Rights Requests Metrics Reporting Due
Regulations governing biometric data collection, use, and processing have already been complex and strict with the Illinois’ Biometric Information Privacy Act (“BIPA”) as well as the biometrics laws in Washington and Texas. BIPA, which has a private right of action, has generated a flood of class action litigation. New York City has recently added to the mix by passing two new biometrics laws, the Tenant Data Privacy Act (“TDPA”) and an amendment to the New York City Administrative Code (“NYC Administrative Code”), both of which set forth requirements when it comes to processing of biometric data that expand consumers’ rights and impose obligations on processing biometric data.
Colorado’s SB 21-190 has passed both chambers and if not vetoed will become the 3rd omnibus state privacy law enforceable 7/1/23. It has no private right of action, but includes the right to object to processing for purposes of targeted advertising, the sale of personal data, or profiling, including via means of an online…
Data is a valuable, but challenging asset.
Organizations can only meaningfully protect, and effectively make the most of, their digital assets if they know what data they have, the usage limitations that apply to it and where it resides and who has access to it. Data management is a huge challenge for organizations in the modern hyper-connected tech-enabled world; yet challenges can be turned into opportunities by organizations willing and able to step-up to them.
Data management is not just about legal compliance. In many ways, it comes down to branding.…
Continue Reading Informational Privacy as a Branding & Asset Management Opportunity
Correction to the original article: First American Title Insurance Company is not associated or involved with the March 3, 2021 consent decree between Residential Mortgage and New York Department of Financial Services.
In early March, the New York State Department of Financial Services (“DFS”) entered into a consent order requiring Residential Mortgage Company to pay…