Qualifying businesses have another year to complying with certain, major provisions of the CCPA. The CCPA, or the California Consumer Privacy Act of 2018, is a California law that gives California consumers, defined broadly to encompass all California residents, certain rights with respect to their personal information. Namely, it gives consumers the right to know about the personal information that businesses collect about them; the right to know what businesses do with that information; and, the right opt out of the sale of certain personal information if a business sells that personal information. In turn, qualifying businesses that do business in California must institute certain policies, practices, and methods that allow consumers to effectuate those rights.
regulations
CCPA: California Attorney General Releases Final Proposed Regulations
On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). Below, we provide information about the final proposed regulations and enforcement actions.
The “Meat on the Bones”: Attorney General Xavier Becerra Releases CCPA Implementing Regulations
On October 10, 2019, the California Attorney General, Xavier Becerra, announced at a press conference that his office has released proposed implementing regulations for the California Consumer Privacy Act (“CCPA”). The text of the proposed regulations is available here.
As background, the CCPA is a California privacy law that seeks to give California consumers the rights to know about and control the personal information that businesses collect about them. For a detailed discussion of the CCPA, please see our previous posts (available here and here).
Kingdom in the Cloud: Saudi Arabia’s Draft Cloud Computing Regulations
Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Bloomberg about Saudi Arabia’s draft cloud computing regulations. The article analyzes the draft regulations and their potential impact on…
Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply
As we’ve discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach. The regulations are national and international in scope, as they apply to all companies –…
Massachusetts’ Revised Data Security Regulations Extend Deadline (Again) and Soften Some Requirements
Undersecretary Barbara Anthony, of the Massachusetts Office of Consumer Affairs and Business Regulation, announced today revisions to Massachusetts’ data security regulations, as well as an extension of the applicable compliance deadline from January 1, 2010 to March 1, 2010. (Previous to an earlier extension, the compliance deadline was May 1, 2009.)
The revised regulations emphasize their “risk-based” approach, enabling persons covered by the regulations to tailor their information security programs to their size, scope, type of business, resources, amount of personal information, and need. These changes were primarily intended to ease the burden of the regulations on small businesses that may not handle a significant amount of personal information, or may not have the resources to develop a sophisticated security program. That said, the changes apply to all business, not just small businesses.