CCPA

To stay up to date on the newest developments in data privacy, security and innovation, be sure to register for Team CPW’s speaking engagements in December.  Details for the events next month are available below.

December 2: Association of Corporate Counsel Just In Time CLE December 2

Ann LaFrance, Kyle Fath and Kristin Bryan

Registration is open for a series of upcoming not-to-be-missed webinars covering key areas for companies seeking to regulate the global compliance landscape.  Register below for insights from CPW’s Alan Friel, Marisol Mork, Eric Troutman and others.

Webinar Series: Advertising, Media and Brands – Global Compliance Challenges

2021 has provided unique challenges for businesses operating across

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

EU Proposed Regulatory Regime for Artificial Intelligence (AI) Could Set Global Standard – Consumer Privacy World

Data Privacy and Cybersecurity FTC Priorities

The California Privacy Protection Agency (CPPA) Board, created by the California Privacy Rights Act (CPRA), has been busy of late. As we recently reported, the CCPA has hired renowned privacy technologist Ashkan Soltani as its new Executive Director to lead the agency. Meanwhile, the agency’s committees have been hard at work. The Regulations Subcommittee has proposed its framework for its rulemaking process. Notably, the subcommittee recommends an immediate start to pre-rulemaking activities such as issuing an invitation for comments, the creation of additional subcommittees, and the identification of informational hearing topics. A pre-rulemaking process gives the agency flexibility to hear from stakeholders outside of the formal and constrained process that will begin once the regulatory process officially commences. The framework also notes that the notice of proposed rulemaking, initial statement of reasons (ISOR), and text of the regulations should be published in winter 2021-2022, with public hearings taking place thereafter. This suggests that stakeholders have a short window of opportunity to take advantage of the pre-regulatory educational period. It will be interesting to see if the agency conducts the kind of “listening tour” the Office of Attorney General (OAG) went on across the Golden State by means of town halls prior to its California Consumer Privacy Act (CCPA) rulemaking process, or elects to spend its time in more intimate and concerted explorations.
Continue Reading California Privacy Agency Moves Forward With Rulemaking Process

On July 19, the Office of the Attorney General of California (OAG) issued a press release summarizing its first year of CCPA enforcement. Seventy-five percent of companies receiving a notice to cure are said to have come into compliance within the 30-day cure period, with 25% reportedly still within that period or under ongoing investigation. The OAG also published summaries of 27 resolved exemplary cases. The OAG was careful to note that the summaries do not constitute advice and do not include all of the facts, however they do offer some insights. Disappointingly, however, the summaries often lack enough detail to allow readers to surmise the enforcement posture that was taken by the OAG, the exact nature of the alleged violations, or the specific actions taken by the company that satisfied the OAG’s inquiry.


Continue Reading California AG Offers Cryptic CCPA Enforcement Summaries, and Launches Complaint Tool

CCPA-California-Consumer-Privacy-ActThe deadline is fast approaching for businesses that buy, receive, sell, or share the personal information of 10 million or more California consumers to report their California Consumer Privacy Act (“CCPA”) rights requests metrics. On July 1, 2021, these businesses must report certain data (outlined below) in their privacy policy or elsewhere online accessible via a link in their privacy policy.
Continue Reading First CA Consumer Rights Requests Metrics Reporting Due

Informational privacy is a hot topic. Just recently new privacy laws in California and Virginia have brought Europe-inspired requirements on how companies process personal information to the US.

Data is a valuable, but challenging asset.

Organizations can only meaningfully protect, and effectively make the most of, their digital assets if they know what data they have, the usage limitations that apply to it and where it resides and who has access to it. Data management is a huge challenge for organizations in the modern hyper-connected tech-enabled world; yet challenges can be turned into opportunities by organizations willing and able to step-up to them.

Data management is not just about legal compliance.  In many ways, it comes down to branding.
Continue Reading Informational Privacy as a Branding & Asset Management Opportunity

We congratulate our friend and colleague Lydia de la Torre on her appointment to the inaugural board for the California Privacy Protection Agency.  “Californians deserve to have their data protected and the individuals appointed today will bring their expertise in technology, privacy and consumer rights to advance that goal,” said Governor Newsom. “These appointees