Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: CaCPA

Posted in Consumer Privacy

California Privacy Compliance Obligations May Soon Change Under CPRA Ballot Initiative

The California Privacy Rights Act is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in California may change if voters enact CPRA. The CPRA would significantly amend the CCPA. Included in this blog post is a summary of key additions and modifications to the CCPA’s existing obligations.

Posted in Consumer Privacy

CCPA Regulations Still Not Final as Enforcement Deadline Approaches; CPRA Appears to Move Forward

Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act. Months later, those businesses still are uncertain of their full range of potential compliance obligations because the California Attorney General’s CCPA implementing regulations are still not final. As businesses refine their CCPA compliance programs, they should also be aware that privacy rules in California could again change before the end of this year if the California Privacy Rights Act ballot initiative is approved by voters. Both the regulations and the CPRA are subject to complicated administrative processes that could affect their adoption and implementation, as described in this post.

Posted in Consumer Privacy, News & Events

Second Modified CCPA Draft Regulations Released—Comments Due March 27

On March 11, The California Attorney General released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act. These modifications update the initial draft regulations published on October 11, 2019 as well as the first set of modified draft regulations published on February 10, 2020. The second set of modifications contain a small number of impactful changes, which we summarize in this post.

Posted in Consumer Privacy

Modified CCPA Regulations Released—Comments Due February 25 (Updated)

On Friday, February 7, 2020, the California Attorney General released notice of changes to the California Consumer Privacy Act draft regulations. Initial draft regulations were published for public comment on October 11, 2019. Public comments on these modified draft CCPA regulations will be accepted by the CA AG until Monday, February 24, 2020, at 5 pm PST.

Posted in News & Events

Webinar Invitation — California Consumer Privacy Act (CCPA) Update

Please Join us on Thursday, November 14 for a webinar discussion with Hogan Lovells Privacy and Cybersecurity partners Mark Brennan and Tim Tobin of how changes to the California Consumer Privacy Act (CCPA) enacted over the past year and the California Attorney General’s proposed regulations may impact your CCPA compliance efforts.

Posted in Consumer Privacy

IAB Soliciting Comments on Draft Compliance Framework for Programmatic Advertising under the CCPA

On October 22, the Interactive Advertising Bureau, a media and marketing industry trade group, released for public comment the California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies and accompanying technical specifications to implement the Framework. The draft Framework is designed to help Framework participants (including publishers and intermediaries) comply with the California Consumer Privacy Act by: (1) establishing a digital signal that Framework participants can use to communicate consumer requests to opt out of “sales” of personal information associated with digital advertising; and (2) supporting that signal with a standard contract designed to create service provider relationships between publishers and advertising companies after a consumer registers an opt out. The IAB is requesting comments, which can be sent to privacy@iab.com, by November 5, 2019.

Posted in News & Events

Webinar Invitation – CCPA Draft Regulations: What You Need to Know

Please join Hogan Lovells on October 17 for a webinar discussion of the much-anticipated proposed CCPA regulations released by the California Attorney General. The Hogan Lovells team will discuss the proposed requirements and how they would impact privacy notices, individual rights, financial incentive programs, and contracting strategies. We will also discuss steps you can take to develop reasonable and defensible CCPA compliance strategies by January 1, 2020.

Posted in Consumer Privacy

California AG Releases Proposed CCPA Regulations

On October 10, California Attorney General Xavier Becerra released proposed regulations to implement certain provisions of the California Consumer Privacy Act. The proposed regulations would create many new requirements. They provide clarifications to businesses and consumers in five key CCPA areas as summarized within this post.

Posted in News & Events

Now Available: Webinar – Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies

On June 20, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen discussed in great detail the impact of the law, explained key definitions, and offered practical guidance on how to navigate it during the webinar, “Operationalizing the California Consumer Privacy Act.” More than 600 live attendees participated and were able to hear Mark and Bret cover how to determine whether businesses are covered, how to account for opt-outs from sales to third parties, the content and timing of CCPA notices, how to apply the CCPA’s exceptions, and more.

Posted in Consumer Privacy

CCPA Amendments Advance through California Assembly

A number of legislative proposals seeking to amend the California Consumer Privacy Act are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in which the bills were approved. The bills will now advance to the Assembly’s Appropriations Committee before being voted on by the full Assembly and potentially advancing to the California Senate for consideration.

Posted in Consumer Privacy

Efforts to Expand CCPA’s Private Right of Action Remain in Question

The California legislature is considering significant amendments to the California Consumer Privacy Act ahead of the law’s January 1, 2020 implementation date. Of particular note has been the potential for CCPA amendments to expand the private right of action beyond violations of businesses’ duty to implement and maintain reasonable security procedures to instead cover violations of any CCPA rights.

Posted in Consumer Privacy

Beyond FERPA: The California Consumer Privacy Act’s New Rules for Privacy in the Education Sector

In June of 2018, California passed the California Consumer Privacy Act, which seeks to give consumers additional safeguards regarding their personal information. The CCPA will become effective January of 2020 and may impact companies in the education sector, including the larger education technology companies. While the CCPA does not apply to nonprofit educational institutions, it may apply to certain for-profit educational institutions, third-party service providers, and others in the education space. If an educational entity meets the threshold requirements below or it processes information on behalf of such an entity, it should prepare for CCPA implementation by January 2020.

Posted in Consumer Privacy

CCPA Update: CA AG Backs Bill to Expand Private Right of Action and Remove Cure Period

A bill introduced to amend the California Consumer Privacy Act of 2018 (“CCPA” or the “Act”) could greatly expand the risks to businesses that collect the personal information of California consumers. Senate Bill 561 (“SB 561”) would expand the CCPA’s private right of action to any violation of a consumer’s CCPA rights, remove the existing 30-day cure period, and eliminate businesses’ right to consult the AG’s office regarding compliance. SB 561 would not impact the CCPA’s current effective date of January 1, 2020.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s “Reasonable” Security Requirement

Much of the focus on the California Consumer Protection Act (“CCPA”) has been on the new rights that it affords California consumers, including the rights to access, delete, and opt out of the sale of their personal information. But arguably the greatest risk to covered businesses involves data security, as the CCPA creates for the first time a private right of action with substantial statutory penalties for breaches involving California consumers’ personal information. This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk.

Posted in Consumer Privacy

California DoJ Sets March 8 Deadline for CCPA Pre-Rulemaking Comments

The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline. Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to further the purposes of the CCPA. The CCPA sets out seven specific areas for AG rulemaking.

Posted in Consumer Privacy

California Department of Justice to Hold Six Public Forums on the CCPA

The California Attorney General Xavier Becerra and the California Department of Justice will hold six public forums about the California Consumer Privacy Act (CCPA) that are open to all members of the public. These public forums are being held pursuant to Section 1798.185 of the CCPA, which requires the Attorney General to “solicit broad public participation and adopt regulations to further the purposes” of the CCPA.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s Anti-Discrimination Clause

One of the most controversial elements of the California Consumer Privacy Act (“CCPA”) is the establishment of an “anti-discrimination” right – businesses may not “discriminate” against consumers for exercising certain rights under the CCPA, and they will need to assess whether and how they can require consumers to accept certain data practices as a condition of service.  Compliance would be challenging even if the provision were articulated clearly, but as we have discussed in this blog series, the accelerated drafting process and passage of the CCPA earlier this year left little time for public comment and responsive amendments.  As a result, the law includes a series of ambiguities that complicate compliance, and nowhere is that more apparent than in the anti-discrimination provision.

This entry in Hogan Lovells’ ongoing series on the CCPA focuses on the law’s anti-discrimination clause, its ambiguities and potentially contradictory provisions, and impact on businesses.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”), and its implementing regulations (the “Privacy Rule”), or the California Financial Information Privacy Act (“CFIPA”).  It does not exempt financial institutions altogether from its requirements where a financial information is processing information not subject to these regimes.  In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them. Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations.

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs.