California Governor Signs All Pending CCPA-Related Bills Into Law

On October 11, 2019, the California Governor, Gavin Newsom, signed into law five CCPA-amending bills and an additional CCPA-related bill that were awaiting his signature. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and control how a business within the CCPA’s scope handles the personal information that business collects about the consumer.

In anticipation of the official finalized version of the CCPA, incorporating the five, newly-signed amendments, we have created an “Unofficial CCPA, As Amended” which is available here for reference.

The Governor’s signature on these six bills last Friday is the latest step in the efforts of the California legislature to clarify and amend the scope and requirements of the CCPA since its passage in 2018. These amendments to the CCPA will become operative with the rest of the CCPA on January 1, 2020. More information about these bills is available here.

The day before, October 10, 2019, the California Attorney General released proposed implementing regulations for the CCPA, which are now subject to public comment prior to finalization. More information about the press release and the proposed regulations is available here.

Please continue to check our blog for CCPA-related information and updates.

For more insights or inquiries on CCPA, please reach out to your Proskauer lawyers: Ryan Blaney, Lary Alan Rappaport, Christina Kroll or Divya Taneja.

Tags: amendment, California Consumer Privacy Act of 2018 (“CCPA”), CCPA, personal data, personal information

The “Meat on the Bones”: Attorney General Xavier Becerra Releases CCPA Implementing Regulations

By Ryan Blaney and Christina Kroll on October 11, 2019 Posted in California, Data Privacy Laws, Privacy Law

On October 10, 2019, the California Attorney General, Xavier Becerra, announced at a press conference that his office has released proposed implementing regulations for the California Consumer Privacy Act (“CCPA”). The text of the proposed regulations is available here.

As background, the CCPA is a California privacy law that seeks to give California consumers the rights to know about and control the personal information that businesses collect about them. For a detailed discussion of the CCPA, please see our previous posts (available here and here). Continue Reading

Tags: California Attorney General, California Consumer Privacy Act of 2018 (“CCPA”), CCPA, regulations

Nevada Consumer Opt-Out Right from Sale of Personal Information Goes into Effect

By Divya Taneja and Stephanie Kapinos on September 30, 2019 Posted in Data Privacy Laws, Privacy Law, State Privacy Laws

Effective tomorrow, October 1, 2019, the existing Nevada Privacy of Information Collected on the Internet from Consumers Act will be amended to include a consumer right to opt out from the sale of personal information and to impose verification requirements on “Operators” covered by the law. The existing law requires such covered entities to post privacy notices. The new consumer opt-out right was added through Senate Bill 220 (“SB 220”), which was signed into law earlier this summer. While this addition to Nevada’s privacy framework draws comparisons to consumer rights afforded under the California Consumer Privacy Act (the “CCPA”), the act, as amended by SB 220, applies to a much narrower category of businesses and is limited to certain types of “Covered Information” that are transferred as part of a “Sale” of data. Continue Reading

Tags: California Consumer Privacy Act of 2018 (“CCPA”), Nevada, Nevada Privacy of Information Collected on the Internet from Consumers Act, Operator, Senate Bill 220 (“SB 220”), State Privacy Laws

Employees Will Be Exempted from Most Requirements of the Amended California Consumer Privacy Act… For Now

By Anthony J. Oncidi and Cole Lewis on September 25, 2019 Posted in California, Data Privacy Laws, Legislation, Privacy Law, State Privacy Laws

In an effort to give consumers more control over the data businesses collect from and about them, the California legislature passed the California Consumer Privacy Act (CCPA) in 2018 (and amended it a few months later). The CCPA gives consumers the right to know about and have deleted the data businesses have gathered about them, among other rights. However, the CCPA applies to “consumers” and defines “consumers” so widely that it would cover employees and job applicants, which are not ordinarily understood to be consumers.

Read the full blog post on Proskauer’s California Employment Law Update.

Tags: amendment, California Attorney General, California Consumer Privacy Act of 2018 (“CCPA”), California privacy laws, legislation

CCPA Legislative Round-Up: Winners and Losers

By Christina Kroll and Divya Taneja on September 18, 2019 Posted in California, Legislation, Privacy Law

Businesses and California consumers are one step closer to understanding what their respective obligations and rights are under the California Consumer Privacy Act of 2018 (the “CCPA”). The CCPA is California’s landmark legislation that seeks to give California consumers the rights to learn about and control certain aspects of how a business handles the personal information that a business collects about them. It achieves this by requiring businesses to implement certain measures that enable consumers to exercise these rights. For an in-depth discussion of the CCPA more generally, please read our previous posts (here and here). Continue Reading

Tags: California Consumer Privacy Act of 2018 (“CCPA”), CCPA, Drafting Errors and Clarifying Changes, Facial Recognition Technology Disclosure, legislation, Loyalty Programs, Personal Information and Publicly Available Information, Vehicle Information

The New SHIELD Act Changes Breach Notification Rules and Data Security Standards for New Yorkers’ Personal Information

By Ellen Moskowitz and Elizabeth (Betsy) Rosen on August 21, 2019 Posted in Data Breaches, Data Privacy Laws, Legislation, Privacy Law

Reflecting the movement to toughen data security laws on a state-by-state basis, on July 25, 2019, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”). The Act amends New York State’s current data breach notification law, which covers breaches of certain personally-identifiable computerized data (referred to in the New York breach law as “Private Information”). The Act also breaks new ground by imposing substantive data security requirements on businesses that own or lease the Private Information of New York residents, regardless of whether the businesses otherwise conduct business in New York State. Both portions of the Act are backed by potential civil penalties for noncompliance.

Read the full client alert here.

Tags: Data Breach Notification Law, New York, Private Information, SHIELD Act, the Stop Hacks and Improve Electronic Data Security Act

ICO Issues First Intentions to Fine Under the GDPR

By Kelly McMullon on July 25, 2019 Posted in Data Privacy Laws, European Union, GDPR

GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect. Continue Reading

Tags: enforcement action, European Union (EU), General Data Protection Regulation (GDPR), ICO