In December, the California Privacy Protection Agency (CPPA) published revised draft regulations on risk assessments required under the California Privacy Rights Act (CPRA).
Under prior draft regulations, the CPPA will...more
This is the third article in a three-part series whereby Ankura privacy experts analyzed the 40 examples of alleged non-compliance with the California Consumer Privacy Act (CCPA) published by the California Office of Attorney...more
This is the second article in a three-part series where Ankura privacy experts analyzed the 40 examples of non-compliance with the California Consumer Privacy Act (CCPA) published by the California Office of Attorney General...more
12/19/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Financial Products ,
Department of Health and Human Services (HHS) ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Devices ,
Noncompliance ,
State Attorneys General ,
Telehealth
The California Office of Attorney General (OAG) is responsible for enforcing the California Consumer Privacy Act (CCPA) and began sending notifications of alleged non-compliance to companies on July 1, 2020. In June 2021,...more
12/15/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Data Privacy ,
Disclosure Requirements ,
Do Not Sell ,
Enforcement Actions ,
Noncompliance ,
Notifications ,
Opt-Outs ,
State Attorneys General
The latest proposed Federal Privacy Law, titled the American Data Privacy and Protection Act (“ADPPA”), continues to gain momentum and in late July 2022, the House Committee on Energy and Commerce voted to advance the bill to...more
7/28/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corrective Actions ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Notification Requirements ,
Policies and Procedures ,
Privacy Laws ,
Privacy Policy ,
Proposed Legislation
The California Office of Attorney General (OAG) is responsible for enforcing the CCPA and began sending notifications of alleged non-compliance to companies on July 1, 2020.
Almost a year later, in June of 2021, the OAG...more
Since its enactment just over a year ago, some companies have struggled to interpret the California Consumer Privacy Act (CCPA) and the circumstances that might subject them to penalties and fines for violations. In an effort...more
The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture,...more
On July 19, 2021, the California Attorney General announced the launch of a new online Consumer Privacy Interactive Tool which allows consumers to directly notify businesses of potential noncompliance that do not have a “Do...more
A new trend in privacy and cybersecurity laws is the introduction of safe harbor clauses for aligning data protection controls to recognized data privacy and cybersecurity frameworks.
OHIO HB376: In July 2021, Ohio...more
8/4/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Safe Harbors
Authors: David Manek, Joe Shepley and Mark Melnychenko The California Privacy Rights Act (CPRA) which goes live January 1, 2023 introduces data retention and deletion requirements very similar to those that we see in the...more
7/20/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Compliance ,
Data Deletion ,
Data Storage ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Governance Standards ,
Personal Data ,
Risk Management ,
Rulemaking Process ,
Sensitive Personal Information
Organizations are becoming increasingly reliant on external parties to manage parts of their business. The centralized knowledge, expertise, and economies of scale that third parties provide enables organizations to focus...more
7/5/2021
/ Anti-Bribery ,
California Consumer Privacy Act (CCPA) ,
Collaboration ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NYDFS ,
Risk Management ,
Software ,
Third-Party Risk ,
Transparency ,
Vendors
The Virginia Consumer Data Protection Act (CDPA) overwhelmingly passed both legislative chambers this month and is expected to be signed by the Governor in the coming weeks with an effective date of January 1, 2023. Best...more
6/28/2021
/ Adtech ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Cookies ,
COPPA ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Personal Data ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
Third-Party Service Provider ,
Virginia
A data inventory is the fundamental building block for an effective privacy program. In its simplest form, a data inventory can be thought of as a matrix which documents 1) what personal data is being collected by the...more
5/27/2021
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Retention ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Popular