Back in July, we shared some good news out of California when a state court judge ruled that the newest regulations under the California Consumer Privacy Act (“CCPA”) could not be enforced until March 2024. But last week, the agency charged with enforcing the CCPA – the California Privacy Protection Agency (with the confusingly similar abbreviation of the “CPPA”) – won reversal of that opinion on appeal. The ruling now gives the CPPA the authority to begin enforcing immediately the regulations that it enacted in March 2023.Continue Reading Delay Lifted in CCPA Regulations Enforcement
CCPA Regulations Version 2.0 – Are you STILL compliant?
Thanks to statutory amendments and regulatory changes, compliance with the California Consumer Privacy Act (“CCPA”) continues to be a moving target. As Vedder Price previously reported, the CCPA, effective January 1, 2020, gave consumers new tools and rights for protecting their data privacy. In October 2020, the California Attorney General (“AG”) approved the “final” set of regulations interpreting the requirements of the CCPA, discussed here. Then in December 2020, the AG proposed some modifications to the regulations in response to comments about the previous set of proposed CCPA modifications.
Recently, on March 15, 2021, the AG announced that the Office of Administrative Law approved the AG’s proposed changes to the CCPA regulations. These newly approved regulations strengthen the language of the CCPA by making three changes relating to the right to opt out of sales and one change to authorized agent requests. Thus, companies that are focused on CCPA compliance should review these regulations with fresh eyes to make sure they are still compliant.Continue Reading CCPA Regulations Version 2.0 – Are you STILL compliant?
Parking Tickets, Jaywalking, and Cybersecurity Breaches at Multinational Companies: City ordinances are coming off the streets and into the server room
Smart companies have been worried about data security for years—no one wants to be in the headlines as the next big company to have a breach, the next corporation to face a class action lawsuit or the next business facing federal or state regulatory scrutiny. It’s only heightened in recent years as companies faced new regulations imposed by the GDPR and the CCPA. Well, things are not getting any better in 2020—now an increasing number of municipalities are getting in on the act.
San Francisco was the first city to have this awakening in 2017. In response to the Equifax data breach on September 7, 2017, San Francisco filed claims against Equifax under California’s Unfair Competition Law (UCL). A few months later, Los Angeles brought a similar lawsuit against Uber claiming that the company paid hackers to delete stolen data and failed to notify consumers of the breach in violation of the UCL. But most state statutes do not give cities standing to bring lawsuits.Continue Reading Parking Tickets, Jaywalking, and Cybersecurity Breaches at Multinational Companies: City ordinances are coming off the streets and into the server room