October 29, 2019 | Blog | By Cynthia Larose, Jennifer Rubin
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employers’ to do list.
October 21, 2019 | Blog | By Elana R. Safner
The California Attorney General’s CCPA draft regulations impose additional requirements for collection of data from children under 13 on top of those imposed by the federal Children’s Online Privacy Protection Act (COPPA), and also create additional requirements for minors between the ages of 13 and 16. Businesses will need to have reasonable processes in place to ensure that the person providing consent for the sale of a child’s data on his or her behalf is actually their parent or legal guardian. Minors must also be able to opt in, and later, opt out, of the sale of their PI. Businesses should include these practices in their privacy policies.
October 18, 2019 | Blog | By Natalie Prescott
The California Attorney General’s draft regulations specify how businesses verify consumers’ identities when they receive consumers’ data requests. Specifically, Section 999.323 requires a business (i) to verify consumers’ requests by using available data and implementing reasonable security measures, (ii) not to collect new data for verification unless necessary for security purposes, and (iii) to promptly delete newly collected information.
Analysis of Attorney General Regulations to CCPA – Part 2: Business Practices for Handling Consumer Requests
October 17, 2019 | Blog | By Brian Lam
Within Article 3 (pages 10-18), the regulations detail important requirements that every business must follow when providing and fulfilling consumer rights under the CCPA.
October 16, 2019 | Blog | By Christopher Buontempo
Article 2 of the California Attorney General’s draft regulations specify certain notices that must be given to consumers at the time of collection of their personal information, including consumers’ rights to opt-out of the sale of their personal information, and notices of financial incentives a business may offer in exchange for consumers’ personal information. Article 2 also provides specific CCPA requirements for company privacy policies.
October 15, 2019 | Blog | By Christopher Buontempo, Brian Lam, Cynthia Larose, Natalie Prescott, Elana Safner
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA). In addition to the regulations, the CA AG also released a Notice of Proposed Rulemaking and Initial Statement of Reasons to support the draft regulations. The CA AG will hold a series of public hearings as outlined in the Notice of Proposed Regulations, and will be accepting written comments from the public on the regulations until 5:00 PM PST on December 6, 2019.
October 10, 2019 | Blog | By Cynthia Larose
The California Attorney General has issued draft regulations to the California Consumer Privacy Act. View the draft regulations in this post.
October 2, 2019 | Blog | By Cynthia Larose
September 20, 2019 | Blog | By Cynthia Larose, Brian Lam
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020. Now that the dust has settled inside the golden dome in Sacramento and the state legislature’s 2019 session has come to a close, we can see which bills passed and will be provided to Governor Gavin Newsom, who has until October 13th to either veto these bills or sign them into law.
September 10, 2019 | Blog | By Cynthia Larose
51 tech company CEOs today signed and sent an open letter to Congress asking for help to hold off and supersede the rising number of state privacy laws growing like weeds. The letter was sent on behalf of the Business Roundtable, a group that has sent its own “Framework for Consumer Privacy Legislation” to Congress as a “jumpstart.”
September 6, 2019 | Blog | By Cynthia Larose
In California's Senate session on September 5, AB 1130 was passed, which amends the state’s data breach notification law. The amendment would include passports, biometric data, and taxpayer and military identification numbers to the definition of “personal information” requiring notice under the breach notification law if breached.
Facsimiles and Other Fossils: FTC Initiates Review to Update COPPA Rule to Keep Pace with Emerging and Connected Technology
August 26, 2019 | Blog | By Cynthia Larose, Elana R. Safner
Spurred by the rapid evolution of technology, the Federal Trade Commission (“FTC” or “Commission”) decided unanimously to begin a review of the Children’s Online Privacy Protection Act (“COPPA”) Rule. The review could upend compliance plans for many businesses with a digital footprint.
August 13, 2019 | Blog | By Cynthia Larose
The California Legislature has returned from its summer recess and got right to work on the pending amendments to the California Consumer Privacy Act (CCPA). The Legislature has 30 days from today to send any amendments to the Governor’s desk for signature.
August 12, 2019 | Blog | By Christian Tamotsu Fjeld, Alexander Hecht
As August recess gets underway for the House and the Senate, ML Strategies has prepared a summary of the status of this summer’s key cybersecurity issues. ML Strategies will continue to track these and other cybersecurity priorities before Congress and the Administration through August and beyond.
August 2, 2019 | Blog | By Christopher Buontempo, Cynthia Larose
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in for another surprise: they may not receive the entire $125 payout option initially offered following Equifax’s settlement agreement with the FTC.
July 30, 2019 | Blog | By Christopher Buontempo, Cynthia Larose
July 23, 2019 | Blog | By Cynthia Larose
According to our CCPA Countdown Clock, we are 161 days and counting to the effective date of the California Consumer Privacy Act. The Mintz Privacy team is deeply involved in working with clients on developing compliance programs and digging into customer data for inventory and mapping exercises. If you’re not already doing that, our handy tip sheet outlines the very top level issues and may help to provide a broad overview.
July 22, 2019 | Blog | By Dianne Bourque, Matt Mora
There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.
July 1, 2019 | Blog | By Cynthia Larose, Brian Lam
While the California Consumer Protection Act (“CCPA”) is certainly one of the most important pieces of privacy legislation affecting many businesses today, we want to remind our readers of another California initiative that may affect their operations, which we are calling the “Disclose Your Bots” law.
June 7, 2019 | Blog | By Cynthia Larose, Christopher Buontempo
Get ready: October 1, 2019 is the new date for many U.S. businesses to begin providing consumers the right to opt-out of the sale of their personal information. While January 1, 2020 was the date upon which many businesses were prepared to provide notice of consumers’ right to opt-out of the sale of their personal information to comply with California’s Consumer Privacy Act (CCPA), Nevada moved the goalpost last week and signed Nevada Senate Bill 220 (SB-220) into law, which requires many businesses to provide a similar opt-out, and becomes effective on October 1, 2019.
Explore Other Viewpoints:
- Arbitration, Mediation & Alternate Dispute Resolution
- Bankruptcy & Restructuring
- Class Action
- Complex Commercial Litigation
- Consumer Product Safety
- Debt Financing
- EB-5 Financing
- Education & Nonprofits
- Employment, Labor & Benefits
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Products Liability & Complex Tort
- Project Development & Finance
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations