DE Under 3: Court Held That Workday Was an “Agent” to Employers Licensing its AI Applicant Screening Tools
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
In House Counsel: How To Measure the Effectiveness of Your Staffing Strategy
Sitting with the C-Suite: Identifying Opportunities to Leverage Human Capital
The CCPA for the Land Title Industry: Service Providers and Sale of Data Under the CCPA
Podcast - Risk Management: Troubleshooting & Problem Solving
Cybersecurity in the investment management industry
FCPA Compliance and Ethics Report-Episode 157-Training of Third Parties Under the FCPA
Special Report: The Hot-ish Swag at LegalTech New York 2015
Over a year after his office’s last privacy enforcement action, on July 1, 2025, California Attorney General Rob Bonta (AG) announced a new California Consumer Privacy Act (CCPA) settlement with Healthline Media LLC...more
On February 21, 2024, California Attorney General Rob Bonta ("Cal AG") announced that his office reached a settlement with DoorDash, the food delivery service company, for violating the California Consumer Privacy Act...more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
Since 2018, a consistent stream of newly adopted privacy laws and other regulatory developments (such as GDPR, CCPA, Schrems II, and the new EU Standard Contractual Clauses) has required companies to make regular updates to...more
On November 3, 2020, Californians voted to pass Proposition 24, expanding and modifying the California Consumer Privacy Act (“CCPA”), which came into force on January 1, 2020. The new California Privacy Rights Act (“CPRA”)...more
The California Consumer Privacy Act became effective on Jan. 1. Included among its provisions is the grant of a private right of action on behalf of any consumer “whose nonencrypted and nonredacted personal information…is...more
Retailers are divided about whether the use of third party behavioral advertising cookies do, or do not, constitute the sale of personal information. One in four retailers (28%) utilize behavioral advertising cookies and take...more
No. it is not clear whether persistent third party cookies do, or do not, constitute “personal information” under the CCPA. Among other things, whether the cookie can “reasonably be linked” to a particular consumer or...more
No. Under the final regulations promulgated by the California Attorney General, where a business collects information as a service provider for another business, the service provider has no obligation to present its...more
The California Consumer Privacy Act (CCPA) went into effect January 1, 2020 and created several rights for California residents, including the game-changing right to opt-out of the sale of personal information. ...more
Part three of this CCPA client alert series focuses on the obligations for service providers pursuant to the CCPA. The California Consumer Privacy Act of 2018 (the “CCPA”) and the related proposed Attorney General...more
Probably. When a business receives a request from a consumer to access the personal information that the business has “collected,” it must decide whether to grant the request or to deny it based upon one of the exceptions...more
Yes. Unless a service provider has contractually agreed otherwise, they can refuse an instruction to delete personal information that they receive from their client (i.e., the business for whom the service provider was...more
Shook Weighs in on Updated CCPA Regulations - In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
Maybe. Many online businesses utilize map services to provide location, distance, and direction information to consumers. The provision of map services inherently requires the business to share consumers’ personal...more
Maybe. Many online businesses utilize “bot” detection services to determine whether actions taken on a website or application have been made by a human or by an automated program (i.e., a “bot”). The provision of bot...more
The CCPA broadly defines the term “sale” as including the act of “disclosing” or “making available” personal information “for monetary or other valuable consideration” from one business to another. This arguably could include...more
On February 10, 2020, the California Attorney General published revisions to the proposed regulations (Revised Regulations) to implement the California Consumer Privacy Act of 2018 (CCPA). The changes largely clarify and...more
Sometimes. Many companies today use “look-alike audiences” (a.k.a “mirror audiences” or “similar audiences”) to reach potential consumers through online advertising. A look-alike audience is created when a business sends...more
The arrival of the California Consumer Privacy Act (CCPA) on January 1, 2020 brings steep risk for companies that collect information on California residents. In particular, and among other statutory penalties, a business...more
While the California Consumer Privacy Act has impacted businesses in all sectors, one industry that has been steadily barreling toward compliance is the automotive industry. Simply put: The new “oil” in the automotive sector...more