The Office of the Attorney General has released the long-anticipated proposed CCPA regulations. The proposed regulations outline procedures intended to facilitate consumers’ new rights under the CCPA and provide compliance guidance to businesses regarding:
- Notices businesses must provide to consumers under the CCPA;
- Handling consumer requests made pursuant to the CCPA;
- Verifying the identity of the consumer making those requests;
- Personal information of minors; and
- Nondiscrimination and offering of financial incentives.
Please see our Alert for a detailed discussion of the proposed regulations.
Governor Gavin Newsom signed five CCPA amendment bills into law on Friday, October 11, 2019. He also signed an amendment broadening the California breach notification law and a new law which creates a data broker registry for the sale of certain personal information. The event marked the culmination of the California Legislature’s efforts this year to clarify the terms and scope of the CCPA, which takes effect on January 1, 2020.
A summary of these laws and their impact may be found in our previous Alert.
Stay tuned to the Duane Morris TechLaw Blog for developments regarding the CCPA and its implementation.
By: Michelle Hon Donovan, Brandi Taylor and Angelica Zabanal
Last Friday, September 13, 2019, marked the final day for the California Legislature to vote to pass amendments intended to clarify the terms and scope of the California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020. The bills are now on Governor Gavin Newsom’s desk for approval, and the Governor will have until October 13, 2019, to sign or veto them.
Of the CCPA amendment bills that were in consideration, the following were passed:
- AB 25, regarding employee exemption
- AB 874, regarding the definition of PI (personal information)
- AB 1146, regarding warranty and vehicle repairs
- AB 1355, regarding the B2B exemption and other clarifying amendments
- AB 1564, regarding toll-free telephone number exception
Also of note, AB 1130 – a bill that does not specifically amend CCPA – also passed. This bill expands the categories of PI covered by California’s data breach notification laws, which will now include tax identification numbers, passport numbers, military identification numbers and unique identification numbers issued on a government document, as well as certain types of specified unique biometric data. This expansion is anticipated to impact liability under the CCPA’s private right of action
While not an exhaustive list of the bills that stalled during the legislative process, the following bills of note failed to be passed by the legislature:
- AB 873, regarding the definition of de-identified
- AB 846, regarding customer loyalty programs
- AB 981, regarding exemption for certain insurance transactions
While the approved amendments did not significantly overhaul the CCPA, several notable changes were made. Please see our Alert for a detailed discussion of these changes.
California recently passed what some argue to be the most robust net neutrality state law in the United States. That law has not yet gone into effect.
The very same day that California Governor Jerry Brown signed the net neutrality bill into law, the US Department of Justice was quick to filed a federal lawsuit, among other goals, to block implementation of the law. And last week, the Department of Justice and California Attorney General Xavier Becerra entered into an agreement to further postpone implementation of the California net neutrality law until the federal lawsuit is concluded.
So, what is at stake here? Continue reading California Net Neutrality Law Put On Hold Pending Federal Litigation
Privacy is like oxygen. It generally is not noticed by a consumer until it is gone. California lawmakers, however, are quite aware of privacy and have recently passed perhaps the most strict privacy law in the United States.
Only days ago, the California Consumer Privacy Act of 2018 (“the Act”) was signed into law by Governor Jerry Brown after it had been approved on a unanimous basis by the California State Assembly and the California Senate. The Act does not become operative until 2020, but when it goes it to effect, it will pack a punch. Indeed, the Act will provide great control to consumers with respect to their own personal data. Continue reading New California Law Seeks to Lead the U.S. in Online Privacy Protection
The other shoe has dropped — a recently enacted revenge porn law has reached the point of criminal prosecution in California.
Indeed, a San Diego man has just been charged with operating a Web site that allows users to post sexual images of others so that he then allegedly could extort large sums of money from the victims whose images had been posted.
Continue reading Revenge Porn Website Creator Faces 31 Criminal Charges
In my most recent blog, I reported on the phenomenon of “revenge porn,” the unfortunate practice by former lovers, boyfriends, and husbands of posting nude and sexual photos and videos of women with whom they had been intimate.
Now, according to Reuters, California Gov. Jerry Brown has just signed a unique state law that criminalizes revenge porn.
Continue reading California Criminalizes “Revenge Porn”
The relationship between privacy and mobile applications is coming into focus. On February 27, 2012, the California Attorney General entered into a Joint Statement of Principles with the six largest mobile application companies – Apple, Google, H-P, Microsoft, Amazon and RIM – regarding consumer privacy and transparency issues when data is collected through an app. http://ag.ca.gov/cms_attachments/press/pdfs/n2647_agreement.pdf. The Five Principles set parameters for good practice. Although not legally binding, the AG promises to review compliance in the fall, and may use California laws on privacy, false advertising, unfair business practices and others as enforcement tools. Since California often leads the way in privacy enforcement it is likely that other states will follow suit.
Continue reading California Spotlights Mobile Applications and Privacy: The Impact on the App (Including the mHealth) Industry