California is the newest “privacy battleground” and the CCPA will apply to a wide scope of business and an even wider scope of personal information. Since February, Mintz has run a webinar series focused on the CCPA and our team is working on assessments of collection and use of personal information and CCPA exposure to help clients start planning now for the January 1, 2020 effective date.
CCPA Webinar Recordings
California Consumer Privacy Act: Overview (2/6/2019)
This webinar, the first in our California Consumer Privacy Act Series, provides an overview of the act including who it applies to, the types of data covered, and the new rights granted by the act such as data access, deletion, and portability. Actionable, business-focused advice is provided regarding preparing data inventories and process flows to support these new rights, as well as business model considerations in light of the act’s guidance on data monetization and the sanctions and remedies that companies may face. Click to View Recording
In May of 2018, the EU’s General Data Protection Regulation (GDPR) took effect. Not to be outdone, California passed its own sweeping data protection legislation in August of 2018 — the California Consumer Privacy Act of 2018 (CCPA). In this webinar, Sue Foster and Cynthia Larose discuss the key similarities and differences between the GDPR and the CCPA, as well as practical steps your company can take to assess gaps and map out your path to compliance. Click to View Recording
The CCPA includes an exemption for personal health information collected by HIPAA-covered entities. But, health care organizations and life sciences companies still have obligations under CCPA and are not completely “home free.” In this webinar, Dianne Bourque and Cynthia Larose discuss the requirements of the CCPA for health care organizations – both HIPAA-covered entities and business associates – and life sciences companies, and discuss the scope of the HIPAA, Confidentiality of Medical Information Act, and clinical research exemptions. Click to View Recording
With the January 1, 2020 deadline for compliance with the California Consumer Privacy Act fast approaching, companies that serve California residents want to know how the act will affect their businesses. The retail and hospitality industries depend on knowing and understanding consumers to both attract and retain them. In this webinar, Cynthia Larose and Brian Lam focus on how to retool common process flows to become compliant with the act while maintaining user experience, provide a checklist on best practices for complying with the new regulations, and discuss current developments with amendments to the act. Click to View Recording
California Consumer Privacy Act: Enforcement and That Private Right of Action (7/31/2019)
EU General Data Protection Regulation (GDPR) Webinar Series
CCPA Blog Posts
Get ready: October 1, 2019 is the new date for many U.S. businesses to begin providing consumers the right to opt-out of the sale of their personal information. While January 1, 2020 was the date upon which many businesses were prepared to provide notice of consumers’ right to opt-out of the sale of their personal information to comply with California’s Consumer Privacy Act (CCPA), Nevada moved the goalpost last week and signed Nevada Senate Bill 220 (SB-220) into law, which requires many businesses to provide a similar opt-out, and becomes effective on October 1, 2019.
The California Consumer Privacy Act takes effect on January 1, 2020, but amendments are expected. In an article recently published by Bloomberg Law, Mintz attorneys Joshua Briones, Esteban Morales and Matthew Novian discuss the April 9 hearing on SB-561, a bill that would expand the private right of action and remove compliance opportunities for businesses, and explain why the bill should be closely watched.
On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground, and this post addresses some of the confusion surrounding the exemptions for health information.
Last week, California State Senator Jackson and state Attorney General Becerra introduced a new bill, Senate Bill 561. If passed, it will greatly expand the consumers’ right to bring private lawsuits for violations of the California Consumer Privacy Act (“CCPA”). SB 561 will: (1) provide for a private right of action for all CCPA violations—not just those stemming from a data breach; (2) eliminate the 30-day safe-harbor provision that currently allows companies to cure the violation and thereby avoid a private right of action; and (3) prevent companies from seeking specific opinions from the Attorney General and instead allow the AG’s office to provide “general guidance” via publications.
CCPA Amendment May Answer Employee Question (3/28/2019)
We’ve now presented two webinars (links will be posted ICYMI) on the scope of the California Consumer Privacy Act, and have been talking with scores of clients about preparation and planning. One of the most frequently asked questions is whether the CCPA really applies to employee personal data processe by employers for business purposes.
On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his position on data protection and privacy, by saying that technology companies “make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it” and that “Consumers have a right to know and control how their data is being used.”
California AG’s Office Gets Public Input on CCPA (1/29/2019)
The California Attorney General’s Office (CAGO) is conducting a series of public hearings around the state to gather input on the California Consumer Privacy Act of 2018 (CCPA). We attended the CAGO’s January 25th, 2019 hearing. The panel of CAGO staff informed those in attendance to anticipate a Notice of Proposed Regulatory Action in the fall of 2019.
California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”). Governor Brown recently signed into law two nearly identical bills, Assembly Bill No. 1906 and Senate Bill No. 327 (the “Legislation”) each of which required the signing of the other to become law, on September 28th, 2018.
Labor Day is passed, and the Privacy & Security Matters blog is back after a bit of a hiatus. The California State Legislature was busy up to the last day of the session working on privacy legislation.
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits.