On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
Getting into compliance with the California Consumer Privacy Act (CCPA) can seem like an overwhelming task. After all, the law is comprised not only of a dense statute and detailed regulations, but the amendment effective...more
On March 27, 2023, the California Privacy Protection Agency (CPPA) will close its second phase of rulemaking on automated decision-making (ADM) systems under the California Privacy Rights Act (CPRA)— but not before giving...more
In the last few years, data privacy laws and regulations have been big news. Much of the coverage—including one of our recent blog posts—concerned website compliance. Companies scrambled to post notices and forms on their...more
When it comes to data privacy law, change is the only constant. The global pandemic unleashed a new set of risks related to data privacy that companies will have to confront in 2021. But despite the COVID chaos, data privacy...more
As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more
No. Both the CCPA and the GDPR provide individuals with a right to request access to their personal information and a right to request the deletion of their personal information. As a result, businesses that field rights...more
While businesses are not required to create a written policy or procedure for processing access requests, some businesses – particularly those that receive high volumes of such requests – choose to create such a policy. If...more
Maybe. The CCPA requires a business to respond to an access request by disclosing all information that it has “collected” about a consumer in the previous 12 months. Unlike the CCPA’s treatment of a business’s obligation...more
As one of the oldest and most recognized data privacy and security practices, we have had the honor of helping dozens of companies set up and evolve their data privacy programs over the past decade. That experience has given...more
The words “hodgepodge” and “patchwork” are overused in the world of risk and compliance, but they’re certainly appropriate for describing the myriad data privacy regulations popping up around the world. In 2018, the world...more
Effective as of January 1, 2020, the California Consumer Privacy Act (CCPA) gives broad rights to people on their personal data in the custody of companies. This focus on data rights significantly raises the compliance burden...more
With the enactment of the European General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act ("CCPA”), retailers have been forced to cope with a shifting privacy landscape that impacts the data that...more
The first landmark data privacy law in the United States goes into effect Jan. 1, 2020. The California Consumer Privacy Act (CCPA) is set to be the toughest privacy law in the country and will apply to more than 500,000 U.S....more
As organizations prepare for January 1, 2020 – the California Consumer Privacy Act (CCPA) commencement day – there are a number of nuances of the legislation that companies must navigate. The one I am hearing the most about...more
Pursuant to Cal. Civ. Code Sections 1798,100(a), and 1798.110(a) and (b), a consumer has a right to request, and a business that “collects personal information about a consumer” has an obligation to disclose and deliver upon...more
The CCPA requires that a company allow Californians to access the information held about them, or, in some situations, request that the information that they provided to a company be deleted. In order to access or delete...more