The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Assuming Colorado Governor Jared Polis signs the bill (SB 21-190)...more
Just a few months after California officials announced the nominations of the inaugural Board members of the California Privacy Protection Agency (“CalPPA”), the CalPPA released the agenda for its first board meeting on June...more
The California Privacy Rights Act (CPRA), effective January 1, 2023, adds “contractors” to the list of entities that a business may entrust with customer data. So what is a “contractor?” And how are “contractors” different...more
As we move deeper into the second year of CCPA litigation, the substantive issues continue to develop and we remain focused on the patterns and implications of recent filings and rulings. In this post, we highlight notable...more
California officials today announced their nominees to be the five inaugural members of the California Privacy Protection Agency (“CPPA”) Board. Created by the California Privacy Rights Act (“CPRA”), the CPPA will become a...more
On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.
With the VCDPA on the books, companies have...more
In the absence of comprehensive federal privacy law, states are following California’s lead and proposing their own privacy bills. This blog post provides an overview of three state bills that we are tracking closely in this...more
It has been a full year since the California Consumer Privacy Act (“CCPA”) took effect at the top of 2020. In the cases filed in the second half of the year, the complaints more frequently assert a violation of the CCPA as a...more
1/25/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular ,
Private Right of Action
Private consumer litigation in 2020 was significantly impacted by the California Consumer Privacy Act (CCPA) which took effect on January 1, 2020. Whether asserted as a standalone CCPA violation claim or as a predicate act...more
The California Attorney General’s office announced a fourth set of proposed modifications to the CCPA regulations. These modifications: (1) clarify the requirement for businesses that sell personal information that is...more
On Tuesday, November 3, 2020, California voters passed ballot Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”). Also known as CCPA 2.0, CPRA brings a number of changes to the CCPA, the majority of which will...more
California became the first U.S. state with a comprehensive consumer privacy law when the California Consumer Privacy Act (“CCPA”) became operative on January 1, 2020. The CCPA provides for broad privacy rights for residents...more
11/2/2020
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Proposed Rules ,
Public Disclosure ,
Regulation S-K ,
Securities and Exchange Commission (SEC) ,
Shareholder Litigation ,
Shareholders
Only two months after finalizing the CCPA regulations, the California Attorney General’s office today released a new set of proposed changes, most significantly addressing “Do Not Sell My Personal Information” requests. The...more
Prior to the September 30 deadline to sign or veto legislation, California Governor Gavin Newsom recently took action on three bills related to data privacy. Bringing some potential certainty to the dynamic CCPA landscape,...more
On Tuesday, the New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, Inc. over allegations that the company failed to adequately respond to years of cyberattacks that compromised customers’...more
On August 30th, the California legislature passed a bill to continue the employee and business-to-business (B2B) exemptions contained in the CCPA for another year. Currently, the CCPA provides two limited exemptions for...more
The California Office of Administrative Law today approved the CCPA Regulations that the California Attorney General submitted in June, and the regulations are effective immediately. As we discussed here, the now-final...more
On July 22, the New York Department of Financial Services (DFS) announced the first enforcement action under its new Cybersecurity Regulation, which requires that businesses registered or licensed by DFS comply with a number...more
January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA). As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes...more
On July 16, the European Court of Justice (CJEU) issued a highly-anticipated decision evaluating the validity of two popular mechanisms for transferring personal data from the EU to the United States: Privacy Shield and...more
Earlier this month, we offered our analysis and takeaways from a Magistrate Judge’s decision that defendant Capital One was required to produce a third-party data breach assessment report as part of ongoing consumer...more
Following a data breach, companies generally launch an investigation to determine the source and scope of the breach. These efforts are often led by in-house privacy, compliance, and/or litigation counsel with an eye firmly...more
The FTC’s most recent COPPA enforcement action, announced on June 4 with app developer HyperBeard, provides evidence of an ongoing debate within the Commission about privacy harm and the role of monetary relief in the...more
On June 2, California Attorney General Xavier Becerra announced that he had submitted final CCPA regulations to the Office of Administrative Law (OAL) for review. The final regulations are substantively identical to the...more
6/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
State Attorneys General
Following the Republican-sponsored COVID-19 Consumer Data Protection Act of 2019, Democratic legislators recently introduced the Public Health Emergency Privacy Act. Senators Richard Blumenthal and Mark Warner of Connecticut...more