With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On September 29, 2024, California Governor Gavin Newsom signed AB 1824 into law, amending the California Consumer Privacy Act (CCPA) to require entities involved in corporate transactions, such as mergers and acquisitions,...more
12/9/2024
/ Acquisitions ,
Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Sellers ,
Data-Sharing ,
Governor Newsom ,
Mergers ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws
On October 10, 2023, California Governor Gavin Newsom signed SB 362 into law. The “Delete Act” is intended to bridge a gap in consumer privacy rights – whereas the California Privacy Rights Act (the CPRA) grants consumers the...more
On September 21, 2023, the Colorado Division of Insurance adopted a Final Regulation implementing S.B. 21-169, the 2021 law governing Colorado-licensed insurers’ use of external consumer data and information sources (ECDIS),...more
11/30/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Data Collection ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
NAIC ,
Predictive Analytics ,
Risk Management ,
Underwriting
The Colorado Privacy Act (“CPA”), Colorado’s first comprehensive consumer privacy law, came into effect on July 1, 2023. Like many new privacy laws, though, there has been uncertainty surrounding when meaningful enforcement...more
As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
7/3/2023
/ Amended Legislation ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Selling ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws
On March 15, 2023, the Colorado Attorney General’s Office announced the finalization of the Regulations implementing the Colorado Privacy Act (CPA), which will take effect on July 1, 2023. Covered businesses that make use of...more
On January 1, 2023, the California Privacy Rights Act of 2020, which amended the existing California Consumer Privacy Act (collectively, the “CPRA”) and Virginia’s Consumer Data Protection Act (“VCDPA”) went into effect....more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
9/19/2022
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Data Selling ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Search Engines ,
State Privacy Laws ,
Targeted Digital Advertising
Do Companies have a cure period for alleged violations under the California Privacy Rights Act (“CPRA”)?
No, the CPRA eliminates the thirty (30) day cure period originally permitted under the California Consumer Privacy...more
On July 7, 2021, Governor Jared Polis officially signed the Colorado Privacy Act (“CPA”) into law, after the bill had passed both the Colorado House and Senate in June. The effective date of the CPA is July 1, 2023....more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”),...more
Not necessarily.
As an initial matter, employees that are residents of California will not qualify as full “consumers” under the law until January 1, 2021....more
Likely no.
Neither the CCPA nor the proposed regulations explicitly address the issue of imposing fees or costs on consumers for responding to requests for access or requests for deletion. However, the CCPA does prohibit...more
When the CCPA was enacted last year, BCLP published a Practical Guide to help companies reduce the requirements of the Act into practice. Following publication of the Guide, we wrote a series of articles that addressed...more
3/11/2020
/ Advertising ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Opt-Outs ,
Personal Information ,
Private Right of Action ,
Statutory Penalties ,
Websites
Yes.
In fact, businesses may be required to obtain such confirmation from verified consumers under the current (non-final) regulations. As an initial matter, the CCPA states only that a business may have to delete the...more
$2,500 for each violation and $7,500 for each intentional violation.
The CCPA only provides a private right of action to any consumer whose unencrypted sensitive-category information has been breached as a result of a...more