Archives: CCPA

CCPA/CPRA Rulemaking Update: What to Expect

By Jamie Kim, Shruti Bhutani Arora and Jeewon Serrato on December 6, 2022 Posted in CCPA, CPRA

The California Privacy Protection Agency (“CPPA” or the “Agency”) published on November 3, 2022, a Public Notice of Proposed Modifications and Additional Materials Relied Upon, which starts what we hope is the last round of rulemaking to finalize the regulations for the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act … Continue Reading

California’s Landmark Age-Appropriate Design Code Act: What You Need to Know

By Jeewon Serrato, Jennifer Mitchell, Justin T. Yedor and Christine Mastromonaco on September 8, 2022 Posted in CCPA, Children’s Privacy

On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting online safety and privacy for children under 18. The Bill was inspired by the … Continue Reading

CCPA Employee and B2B Exemptions Set to Expire on Jan. 1, 2023

By Jeewon Serrato, Jerel Pacis Agatep and Shruti Bhutani Arora on September 7, 2022 Posted in CCPA

The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business Personal Information (PI) likely will not be extended. Aug. 31, 2022 was the last day for each house to pass bills, per the California Constitution (Art. IV, Sec 10(c) and the Joint Rules (J.R. 61(b)(18))), and no legislative proposals or amended bills made it … Continue Reading

If it’s broke, just fix it…: Curing Alleged CCPA Violations

By Colby Everett, Robyn M. Feldstein and Casie Collignon on June 14, 2022 Posted in CCPA

Courts across the United States continue to grapple with California’s landmark consumer privacy law, the California Consumer Privacy Act (CCPA). While the contours of this law are being litigated on multiple fronts, one important, but not most discussed provision, is Section 1798.150(a)(1), the right to cure. The CCPA, like other, similar California privacy laws, includes … Continue Reading

CPPA Begins CPRA Rulemaking

By Jennifer Mitchell, Jeewon Serrato, Justin T. Yedor and Jenny Ha on June 2, 2022 Posted in CCPA, CPRA

On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy Rights Act (CPRA). This post includes initial impressions of the proposed regulations and how they square with … Continue Reading

Complying with the CCPA’s Right to Deletion

By Janine Anthony Bowen on February 9, 2022 Posted in CCPA

The California Consumer Privacy Act dramatically changed the regulatory landscape for privacy in the United States. Among the CCPA’s many requirements, one right is proving a particular challenge for many businesses: the right to delete. Whitney Schneider-White and Justin Yedor coauthored this white paper with Privatar, which discusses the challenges complying with the CCPA’s right … Continue Reading

California AG Focuses CCPA Enforcement on Loyalty Programs

By Jeewon Serrato, Jerel Pacis Agatep, Shruti Bhutani Arora and Foram Dmytryk on February 3, 2022 Posted in CCPA

On Jan. 28, 2022, the California Attorney General Rob Bonta (AG) published a statement putting businesses that operate loyalty programs on notice that the California Consumer Privacy Act (CCPA) requirements for a Notice of Financial Incentive (NOFI) is likely going to be an area of focus for enforcement. This is the first time the AG … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

By Justin T. Yedor and Jeewon Serrato on October 15, 2021 Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized

Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

8 Key Takeaways for Initial Defenses Under the CCPA and CPRA

By Marshall J. Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke on October 7, 2021 Posted in CCPA, CPRA, Data Breach Notification Laws, Data Breaches, Privacy

Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking the CCPA. Such claims, when properly made, present substantial risk to companies including statutory damages up to $750 per consumer. Early … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

By Justin T. Yedor, Stanton Burke and Jeewon Serrato on September 23, 2021 Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized

By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”). In the … Continue Reading

AdTech Under the CCPA and CPRA

By Alan L. Friel and Kyle R. Fath on February 15, 2021 Posted in CCPA, CPRA

Please join us for a follow-up discussion on AdTech Under the CCPA and CPRA, originally presented as part of the PrivacyOC Privacy Week Forums 2021. Speakers Alan Friel and Kyle Fath will discuss four seemingly overlapping consumer rights under the CPRA: 1) Do Not Sell, 2) Do Not Share, 3) Do Not Profile, and 4) … Continue Reading

California AG Becerra Tweets Endorsement for a Universal Opt-Out Tool

By Taylor A. Bloom and Alan L. Friel on February 8, 2021 Posted in CCPA

On Jan. 28, California Attorney General Becerra tweeted his support for a newly developed privacy tool that may function as a means for universal opt out. “#CCPA requires businesses to treat a user-enabled global privacy control as a legally valid consumer request to opt out of the sale of their data. CCPA opened the door … Continue Reading

California Voters Approve Reworking of Landmark Consumer Privacy Law – What CCPA 2.0 Will Mean for Businesses and Consumers

By Alan L. Friel and Kyle R. Fath on November 4, 2020 Posted in CCPA

The nation awoke the morning after Election Day 2020 with much still unresolved. By early morning Pacific Time, however, it was called by various media outlets that California voters approved a ballot measure, Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA). Referred to by some as CCPA 2.0, the CPRA amends … Continue Reading

California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0

By Alan L. Friel, Jeewon Serrato, Shea M. Leitch and Patrick Waldrop on October 20, 2020 Posted in CCPA

On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can be found on the Attorney General’s website here. The proposed modifications to the Regulations are limited to four … Continue Reading

Jeewon Kim Serrato Co-Authors Article about Pricing, Value of Consumer Data and CCPA’s Non-Discrimination Requirement

By Jeewon Serrato on October 19, 2020 Posted in CCPA

Partner Jeewon Kim Serrato co-authored an article published in the California Lawyer Association’s Fall 2020 issue of the “Competition Journal” of the Antitrust, UCL and Privacy Section. The article, “Privacy, Pricing, and the Value of Consumer Data: Complex Nature of the CCPA’s Non-Discrimination Requirement,” discusses the intersection of privacy and competition law and provides an in-depth … Continue Reading

Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of New Retention Requirements in the CPRA

By Nichole Sterling and James A. Sherer on September 15, 2020 Posted in CCPA

The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA Regulations, intended to guide the application of the CCPA, detail that specific types of employee training and record-keeping are required for CCPA compliance. Specifically, … Continue Reading

Return to Work: What Employers Should Know About AB 1281, CCPA Notice Requirements and Recent Labor Law Guidance

By Alan L. Friel, Jeewon Serrato and Catrina Wang on September 8, 2020 Posted in CCPA

While most privacy news and alerts have been focused on the collection and processing of customer data (see our earlier posts about interest-based advertising and the House Judiciary Committee’s Antitrust Hearing with Big Tech, for example), privacy issues related to data collected from employees and business-to-business (B2B) contacts increasingly are becoming a concern for businesses. … Continue Reading

IAB Launches CCPA Benchmark Survey

By Taylor A. Bloom, Kyle R. Fath, Gerald J. Ferguson, Alan L. Friel and Linda A. Goldstein on August 27, 2020 Posted in Advertising, CCPA

The Interactive Advertising Bureau (IAB), a leading advertising industry organization, has launched a CCPA Benchmark Survey to assess how companies across the digital advertising ecosystem are approaching CCPA compliance. The survey provides an opportunity for companies to anonymously report on their handling of various CCPA matters, including to provide statistics relating to the number of … Continue Reading

CCPA Final Regulations, with a Few Unexpected Changes

By Alan L. Friel, Jeewon Serrato, Stanton Burke, Kyle R. Fath, Taylor A. Bloom and Catrina Wang on August 19, 2020 Posted in CCPA

On Friday, August 14, 2020, California Attorney General Xavier Becerra announced approval by the Office of Administrative Law (OAL) of final regulations (Final Regs) under the California Consumer Privacy Act (CCPA). Proposed final regulations were submitted to the OAL by the Office of the Attorney General (OAG) on June 1, 2020. During OAL’s review process, … Continue Reading

California AG Begins CCPA Enforcement

By Jeewon Serrato, Andreas Kaltsounis and Stanton Burke on July 16, 2020 Posted in CCPA

Last week, the International Association of Privacy Professionals hosted a keynote session with Stacey Schesser, supervising deputy attorney general (AG) of the California Department of Justice, to discuss the July 1 start of the AG’s enforcement authority under the California Consumer Privacy Act (CCPA). The deputy AG discussed the current scope of the AG’s enforcement authority and confirmed that on July 1, … Continue Reading

CCPA Final Regulations Published in Advance of July 1 Enforcement Date

By Alan L. Friel and Jeewon Serrato on June 10, 2020 Posted in CCPA

On June 1, 2020, the Office of the California Attorney General (OAG) submitted the final proposed regulations (final regs) under the California Consumer Privacy Act (CCPA or the Title) to the California Office of Administrative Law (OAL). OAL now has 30 working days, plus an additional 60 calendar days under Executive Order N-40-20 related to … Continue Reading

Three Paths to Final CCPA Regulations by July 1

By Taylor A. Bloom, Kyle R. Fath and Gerald J. Ferguson on May 29, 2020 Posted in CCPA

The California Consumer Privacy Act (CCPA) requires the California Attorney General (AG) to issue regulations to “further the purposes of the title” by July 1, 2020. As that date quickly approaches, various rumors have been circulating about the status of the final regulations and whether they will actually be issued by July 1, or at … Continue Reading

CCPA Compliance Meets Trade Secret Protection: A Peaceful Coexistence?

By C. Dennis Loomis, Alan L. Friel, Jeewon Serrato and Catrina Wang on May 12, 2020 Posted in CCPA

Since the California Consumer Privacy Act (CCPA) went live on January 1, 2020, businesses have been working to develop procedures for lawfully complying with requests from California consumers relating to their personal information. Such requests may provoke a vexing question for which there currently is no definitive answer in the CCPA: What is the business … Continue Reading

Upcoming Webinars

By BakerHostetler on April 21, 2020 Posted in Advertising, CCPA

April 23, 2020: Marketing, Promoting and Pricing Your Products During the Pandemic For some companies, the COVID-19 pandemic has meant trying to cope with flying-off-the-shelf demand; for others, it has meant retail shutdowns, force majeure and trying to find creative new ways to keep sales afloat. For all of us, it has been a time … Continue Reading