Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Privacy & Thumbnail Viewpoints Thumbnail

California AG Issues Revised Draft CCPA Regulations

February 10, 2020 | Blog | By Cynthia Larose

Late in the afternoon on Friday, the California Attorney General dropped the long-awaited revised draft regulations implementing the California Consumer Privacy Act of 2018 (CCPA).  The AG’s office provided a redline to the initial draft regulations, which we have previously discussed.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

The View from DC: Expansion of COPPA?

February 7, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

Representative Kathy Castor (D-FL) has introduced the Protecting the Information of Our Vulnerable Children and Youth Act (PRIVCY ACT), which is a significant rewrite of the Children’s Online Privacy Protection Act (COPPA). In so doing, the bill expands the scope of COPPA’s protections and creates new enforcement mechanisms. The children advocacy groups, Common Sense Media and the Campaign for a Commercial-Free Childhood, have come out in public support of the bill, as has the privacy advocacy group, the Center for Digital Democracy.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
The companies Salesforce.com, Inc. and Hanna Andersson, LLC are on the receiving end of a novel lawsuit, which appears to be the very first data breach class action ever filed with alleged violations of the California Consumer Privacy Act (“CCPA”).  The case is styled as Barnes v. Hanna Andersson, LLC , N.D. Cal., Case No. 20-cv-00812.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

UPDATED: It’s Déjà vu All Over Again: Washington Privacy Act Fails to Pass

February 4, 2020 | Blog | By Christopher Buontempo, Cynthia Larose

Aristotle first suggested that “nature abhors a vacuum,” meaning that where there is a void, the universe seeks to fill it.  Although there has been some movement in Congress towards comprehensive federal privacy legislation states like California have taken up the gauntlet to fill the vacuum. We now have the California Consumer Privacy Act (CCPA) in force and expect to see other states take up similar laws this year. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union.  The answer is: Not yet.  The threat of a “Hard Brexit” with immediate changes to UK laws has passed.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

REMINDER: Brexit Effects on Privacy Shield

January 31, 2020 | Blog | By Cynthia Larose

Now that the United Kingdom has officially withdrawn from the European Union as of January 31, you should look at your transfers of personal data in light of Brexit.   Under the Withdrawal Agreement between the UK and the EU, EU law (including GDPR) will continue to apply to and in the UK during the transition period from January 31, 2020 to December 21, 2020.   
Read more
Privacy & Thumbnail Viewpoints Thumbnail
With the CCPA having just become effective January 1st, 2020, affected entities and consumers may not have expected that actions are already being taken to dramatically amplify the consumer protections put in place by the CCPA.  Yet Alastair Mactaggart, who led the effort that resulted in the CCPA, via the advocacy group Californians for Consumer Privacy, has put forth a ballot initiative, to be known as the California Privacy Rights Act (CPRA), to do just that. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Congressional Privacy Action – Part 2: The House

January 29, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

The House is taking a different approach to drafting a federal privacy bill.  On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for circulation.  The “staff” in “staff draft” is key – the document does not necessarily reflect the policy positions of Members, particularly committee Chairman Frank Pallone (D-NJ) and Ranking Member Greg Walden (R-OR).
Read more
Viewpoint Thumbnail

Congressional Privacy Action – Part 1: The Senate

January 28, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress.  The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and the state will begin enforcing the law on July 1.  State Attorney General Xavier Becerra (D) is expected to release final regulations implementing CCPA within six months (although business certainly hopes sooner….). 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
As more and more states seek to expand biometric privacy protection, plaintiffs begin to explore new claims under these legislative schemes. Companies, therefore, must proactively monitor their compliance with emerging privacy laws.
Read more
Viewpoint Thumbnail

Is Your Company Still Running Windows 7? READ THIS!

January 10, 2020 | Blog | By Cynthia Larose

If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up.   After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free.  You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.  
Read more
Viewpoint Thumbnail
The short answer is “no”.    The CCPA has a specific definition for “service provider” at Section 1798.140(v) – see our annotated version of the CCPA here – and it also requires a vendor to be bound by a written contract that prohibits it from retaining the personal information for “any purpose other than for the specific purpose of performing the services specified in the contract … or as otherwise permitted by this title” and more.
Read more
Health Care Viewpoints Thumbnail

A New Decade of HIPAA: What Can We Expect?

December 23, 2019 | Blog | By Sarah Beth Kuyers, Dianne Bourque, Ellen Janos

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old.  It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the first breach notification rule – the one based on the harm standard.   And the Omnibus Rule’s “low probability of compromise” standard is almost seven years old!   Regulators and regulated entities are heading into the new year and decade with a lot of momentum on some important issues.  As we prepare to welcome 2020, we’d like to indulge in a bit of hindsight – as well as speculation – about what the new decade might hold for HIPAA-regulated entities. 
Read more
Viewpoint Thumbnail
Because the term “consumer” is so broad in the CCPA (remember:  it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board.  After much negotiation, the legislature enacted (and the Governor signed) two amendments dealing with this information.  Until January 1, 2021, the CCPA will not apply to information collected about employees or job applicants, or in typical business-to-business (B2B) transactions by a business otherwise required to comply with CCPA.
Read more
Viewpoint Thumbnail

CCPA QOTD: What are the penalties for non-compliance with the CCPA?

December 18, 2019 | Blog | By Cynthia Larose

Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA).   We have received hundreds of questions and concerns from clients over the past few weeks in the preparations of compliance programs and thought we would share a question of the day (QOTD).
Read more
Viewpoint Thumbnail
The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago.  The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity.  The revised Guidelines do provide a few additional (and reasonably useful) examples as well clarifying a few points that were a bit hazy in the original formulation of the EDPB’s framework. 
Read more
Viewpoint Thumbnail

The California Consumer Privacy Act – A Brief Guide for Covered Employers

October 29, 2019 | Blog | By Cynthia Larose, Jennifer Rubin

The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employers’ to do list.
Read more
Viewpoint Thumbnail
The California Attorney General’s CCPA draft regulations impose additional requirements for collection of data from children under 13 on top of those imposed by the federal Children’s Online Privacy Protection Act (COPPA), and also create additional requirements for minors between the ages of 13 and 16. Businesses will need to have reasonable processes in place to ensure that the person providing consent for the sale of a child’s data on his or her behalf is actually their parent or legal guardian. Minors must also be able to opt in, and later, opt out, of the sale of their PI. Businesses should include these practices in their privacy policies.   
Read more
Viewpoint Thumbnail
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests.  Specifically, Section 999.323 requires a business (i) to verify consumers’ requests by using available data and implementing reasonable security measures, (ii) not to collect new data for verification unless necessary for security purposes, and (iii) to promptly delete newly collected information.
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
Read more
Sign up to receive email updates from Mintz.
Subscribe Now

Explore Other Viewpoints: