Tag Archives: California

Privacy vs. Perks: Comparing the CCPA’s Notice of Financial Incentive and the Colorado Privacy Act’s Bona Fide Loyalty Program Rules

Photo of Justin T. YedorPhoto of Jamie KimBy Justin T. Yedor and Jamie Kim on Posted in Information Privacy
Global communication networkWhat is loyalty? Ask a mob boss, a Los Angeles Lakers fan and a Labrador retriever, and you might get three different answers. Ask a retailer, and they’ll likely tell you that a loyalty program can be a great tool for rewarding their best customers and helping drive further purchases. But with these benefits come … Continue Reading

California’s Landmark Age-Appropriate Design Code Act: What You Need to Know

Photo of Jeewon SerratoPhoto of Jennifer MitchellPhoto of Justin T. YedorPhoto of Christine MastromonacoBy Jeewon Serrato, Jennifer Mitchell, Justin T. Yedor and Christine Mastromonaco on Posted in CCPA, Children’s Privacy
On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting online safety and privacy for children under 18. The Bill was inspired by the … Continue Reading

CPPA Begins CPRA Rulemaking

Photo of Jennifer MitchellPhoto of Jeewon SerratoPhoto of Justin T. YedorPhoto of Jenny HaBy Jennifer Mitchell, Jeewon Serrato, Justin T. Yedor and Jenny Ha on Posted in CCPA, CPRA
On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy Rights Act (CPRA). This post includes initial impressions of the proposed regulations and how they square with … Continue Reading

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

Photo of Jeewon SerratoPhoto of Marshall J. MatteraBy Jeewon Serrato and Marshall J. Mattera on Posted in CPRA
On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

California AG Focuses CCPA Enforcement on Loyalty Programs

Photo of Jeewon SerratoPhoto of Jerel Pacis AgatepPhoto of Shruti Bhutani AroraPhoto of Foram DmytrykBy Jeewon Serrato, Jerel Pacis Agatep, Shruti Bhutani Arora and Foram Dmytryk on Posted in CCPA
On Jan. 28, 2022, the California Attorney General Rob Bonta (AG) published a statement putting businesses that operate loyalty programs on notice that the California Consumer Privacy Act (CCPA) requirements for a Notice of Financial Incentive (NOFI) is likely going to be an area of focus for enforcement. This is the first time the AG … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Photo of Justin T. YedorPhoto of Jeewon SerratoBy Justin T. Yedor and Jeewon Serrato on Posted in CCPA, Consumer Data, CPRA, Data Privacy, Data Protection, Uncategorized
Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

8 Key Takeaways for Initial Defenses Under the CCPA and CPRA

Photo of Marshall J. MatteraPhoto of Jeewon SerratoPhoto of Casie CollignonPhoto of Stanton BurkeBy Marshall J. Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke on Posted in CCPA, CPRA, Data Breach Notification Laws, Data Breaches, Privacy
Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking the CCPA. Such claims, when properly made, present substantial risk to companies including statutory damages up to $750 per consumer. Early … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

Photo of Justin T. YedorPhoto of Stanton BurkePhoto of Jeewon SerratoBy Justin T. Yedor, Stanton Burke and Jeewon Serrato on Posted in CCPA, CPRA, Information Security, Online Privacy, Uncategorized
By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading

Ad and Publishing Industries Confront CCPA Challenges While Congress Considers Privacy

By Alan L. Friel on Posted in CCPA
The California Consumer Privacy Act (CCPA), effective Jan. 1, 2020, will require more privacy transparency and choice for consumers than they have ever had under U.S. law, but its approach to providing consumers with the right to opt out of a sale of their personal information threatens to disrupt the third-party digital advertising ecosystem. Most … Continue Reading

Additional California Bill, AB 25, Proposed to Further Amend the CCPA

Photo of Taylor A. BloomBy Niloufar Massachi, Taylor A. Bloom and Alan L. Friel on Posted in CCPA
On March 25, Assembly Member Chau introduced Assembly Bill 25 (AB 25), which proposes to amend a section of the California Consumer Privacy Act (CCPA), set to take effect on Jan. 1, 2020. This amendment would expressly exclude employees from the definition of a “consumer” under the CCPA. As currently drafted, the CCPA governs the … Continue Reading

California Sets Forth Further Legislation Imposing New Obligations on Companies

By Alan L. Friel and Niloufar Massachi on Posted in CCPA, Children’s Privacy, Consumer Data, GDPR
Over the past few weeks, California Republican lawmakers have introduced a new package of legislation called “Your Data, Your Way,” which would expand and strengthen consumer privacy rights beyond what is required by the new California Consumer Privacy Act (CCPA). The “Your Data, Your Way” package is comprised of bills that would impose new obligations … Continue Reading

SB-1121 Does Not Fix the CA Consumer Privacy Act, But Would Delay Enforcement

By Alan L. Friel on Posted in CCPA, State Legislation
In response to controversies concerning consumers’ personal information, such as the Facebook/Cambridge Analytica controversy, and a California ballot initiative that qualified for the November ballot and proposed the California Consumer Privacy Act (“CCPA Initiative”), the legislature in California responded with AB-375, which proposed an alternative version of the California Consumer Privacy Act of 2018. The … Continue Reading

California Passes Groundbreaking Data Privacy Law Granting Consumers Expansive Privacy Rights

By Alan L. Friel and Niloufar Massachi on Posted in Advertising, Behavioral Advertising, CCPA, Marketing
California has passed an unprecedented privacy law that protects consumers’ rights by providing them with a greater degree of transparency and choice with respect to their personal information online. On June 28, 2018, Assembly Bill 375 was signed into law by Gov. Jerry Brown as the California Consumer Privacy Act of 2018 (CCPA) just hours … Continue Reading

California Legislature Working Feverishly To Avert Privacy Ballot Initiative

By Alan L. Friel on Posted in Advertising, Behavioral Advertising, Online Privacy, Retail Industry, State Legislation
We have previously reported a ballot initiative known as the California Consumer Privacy Act of 2018 (“CCPA”), that is expected to be on the November ballot.  If passed, it would make sweeping changes to consumer privacy protection rights for Californians, likely creating a new national standard.  On June 21st, the California Assembly amended AB- 375, … Continue Reading

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

Photo of Melinda L. McLellanBy David Kitchen, Alan L. Friel and Melinda L. McLellan on Posted in Enforcement, Online Privacy, State Legislation
Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016.  Similar to its predecessors, the new Nevada … Continue Reading

California Amends Its Breach Notification Statute

Photo of M. Scott KollerBy M. Scott Koller on Posted in Data Breach Notification Laws
For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional formatting and content requirements for individual notification letters. These amendments impact both companies and agencies and will go into effect on January … Continue Reading

CA AG Requires Chief Privacy Officer and Privacy Compliance Program

By Alan L. Friel on Posted in Cybersecurity, Enforcement
California’s Attorney General, Kamala Harris, has required Houzz, a home décor information and e-commerce website and mobile app publisher, to hire a chief privacy officer (CPO), conduct a company-wide privacy assessment, and maintain a privacy compliance program to settle a lawsuit that alleged Houzz failed to follow California law that requires disclosure of the recording … Continue Reading

California Attorney General Releases 2014 Data Breach Report and Recommendations, Finding More of the Same.

By Tanya Forsheit on Posted in Breach Notification, Data Breaches, Identity Theft, Retail Industry
Editor’s Note: The author thanks Jaysen Borja for his contributions to this post. On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report.  The report detailed the nature and scope of data breach notifications that her office received in 2013.  Her office has been analyzing notifications of data breaches … Continue Reading

California Extends Deadline for Reporting Breaches to the CDPH from 5 to 15 Business Days

By Cory J. Fox on Posted in Data Breach Notification Laws, HIPAA/HITECH, Medical Privacy
On September 18, 2014, California Governor, Jerry Brown, signed Assembly Bill 1755 (“AB1755”) into law, amending breach notification provisions in the California Health and Safety Code applicable to licensed clinics, health facilities, home health agencies, and hospices. Under existing law, certain health care entities licensed by the California Department of Public Health (“CDPH”), including hospitals … Continue Reading

California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?

Photo of M. Scott KollerBy Tanya Forsheit and M. Scott Koller on Posted in Data Breaches
Editor’s Note: The authors would like to thank Jaysen Borja for his contributions to this post. On September 30, 2014, California Governor, Jerry Brown, signed Assembly Bill 1710 into law, amending California’s existing personal information privacy laws.  A.B. 1710 makes several changes to existing laws including: (1) the requirement that businesses that “maintain” personal information … Continue Reading

California Continues to Regulate Privacy and Advertising to Minors in New Law Regulating School-related Online Services

By Alan L. Friel on Posted in Cybersecurity, Enforcement
On September 29, 2014, California Governor Jerry Brown signed SB 1177 into law, effective Jan 1, 2015.  See Governor Brown Issues Legislative Update.  The new privacy and advertising regulation goes beyond FERPA, the federal student privacy law, and existing state student privacy laws that govern schools and requires them to obtain privacy protections for student … Continue Reading

New CA Privacy Disclosure Requirements Clarified By AG

By Alan L. Friel on Posted in Mobile Privacy
California has a number of privacy notice requirements for businesses collecting data from California residents, including as of January 1 of this year a requirement that websites, mobile apps and online services make certain disclosures regarding how they respond to browser and other “do not track signals” and regarding the presence and functionality of tracking … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Photo of BakerHostetlerBy BakerHostetler on Posted in Data Breaches, Privacy Class Actions, Privacy Litigation
Authored by: Julian Perlman Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading
LexBlog