With less than 60 days until the California Consumer Privacy Act (CCPA) goes into effect, businesses need to aggressively focus their compliance efforts. Although each organization will face unique compliance challenges, all businesses need to tackle a discrete set of tasks – at a minimum – to comply by January 1, 2020.

Join us on Wednesday, November 13, as we cut through the confusion surrounding the CCPA, identify the discrete tasks that all businesses must undertake and offer guidance on how to complete them by the January 1st deadline.

Click here for more information and to register.

 

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Saturday, November 2, will mark 60 days until the California Consumer Privacy Act (CCPA) goes into effect. While each organization will have its unique compliance challenges, as discussed below, there are a discrete set of tasks – at a minimum – that each organization needs to undertake in the next 60 days as the first steps toward compliance.

In addition, on November 13, members of Husch Blackwell’s privacy and cybersecurity practice group will present a webinar to discuss these tasks in greater detail.  For more information or to register, click here.

Continue Reading 60 Days Until The CCPA Goes Into Effect: Are You Ready?

Keypoint: As of January 1, 2020, manufacturers of IoT devices will need to comply with new laws in California and Oregon.

It may be hard to believe but the California Consumer Privacy Act is not the only new law that will go into effect on January 1, 2020. Rather, new laws in California and Oregon that regulate IoT devices also will go into effect on that date. Below is an overview of those laws.

Continue Reading Two New State IoT Laws Go into Effect on January 1

Key Points

  • The Illinois Biometric Information Privacy Act (BIPA) is the most stringent privacy law in the country providing claimants with a private right of action without alleging actual injury.
  • Recent decisions have held that companies outside of Illinois that collect, store or use information on employees and persons in Illinois are subject to BIPA mandates.
  • Courts have held that notice of the collection of biometric information must be obtained from all persons prior to collection of the biometric information.
  • A recent decision acknowledged that an expansive reading of the statute suggests that each scan of biometric information may constitute a single violation under the BIPA.
  • Union employees subject to a collective bargaining agreement must pursue their BIPA claims in arbitration or before an administrative board.
  • Claims of willful or intentional violation of the new law must be supported by facts.
  • BIPA contains no statute of limitations for actions brought under the law, and the issue of the applicable length of the statute of limitations remains unresolved.

As tech companies race to develop facial recognition software for new applications across industry sectors, including the automotive, cosmetic, and healthcare industries, state legislatures are developing privacy laws to protect individuals’ right to privacy and control over their biometric information. The Illinois BIPA is the most stringent biometric privacy law in the U.S for the following reasons:

Continue Reading Overview of Recent Decisions Interpreting the Illinois Biometric Information Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The long-awaited proposed AG regulations are here, and while they provide some much-needed clarity, they will leave businesses wanting more.

On October 10, 2019, the California Attorney General’s office published its long-awaited proposed CCPA regulations. The AG’s office also announced that it will hold public hearings on the regulations on December 2, 3, 4 and 5, 2019, and that the written comment period will end on December 6, 2019, at 5:00 p.m.

In the following blog post, we will analyze and discuss many of these proposed regulations. In addition, members of Husch Blackwell’s privacy and data security practice group will host a webinar on Tuesday, October 15, from 12:00-1:30 p.m. CT, to analyze the proposed regulations.  Click here to register.

Continue Reading CCPA Update: Analyzing the AG’s Proposed Regulations

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.We previously posted that Alastair Mactaggart, one of the co-authors of the California Consumer Privacy Act (CCPA), intended to submit a new ballot initiative to strengthen the privacy rights that already exist in the CCPA. The full text of the ballot measure – which is entitled the California Consumer Privacy Rights and Enforcement Act of 2020 – is now available on the California Attorney General’s website.  There also is an annotated version of the initiative available here.

While Mactaggart’s press release identified a few of the proposed changes, our initial review of the initiative is that it would bring about a substantial rewrite of the CCPA.  While there is a lot to unpack in this initiative, here are our initial highlights:

Continue Reading The California Privacy Rights and Enforcement Act of 2020

data privacyAlastair Mactaggart, Founder & Chair of Californians for Consumer Privacy, announced that he intends to file a ballot initiative – the California Privacy Enforcement Act – to appear on the November 2020 ballot. According to his press release, the new law would:

  • Create new rights around the use and sale of sensitive personal information, such as health and financial information, racial or ethnic origin, and precise geolocation;
  • Triple the CCPA’s fines for violating the law’s requirements governing the collection and sale of children’s private information and require opt-in consent to collect data from consumers under the age of 16;
  • Require transparency around automated decision-making and profiling;
  • Establish a new authority to protect the privacy rights;
  • Amend election disclosure laws to require corporations to disclose whether, and how, they use personal information to influence elections; and
  • Require that future amendments be in furtherance of the law.

According to the San Francisco Chronicle, Mactaggart intends to spend as much as $3 million collecting over 600,000 signatures to qualify the measure for the November 2020 ballot. Those familiar with the CCPA’s history will know that Mactaggart’s initial ballot initiative drove the ultimate passage of the CCPA legislation in June 2018. The fact that he is once-again pursuing a ballot initiative is not to be taken lightly.

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The California Attorney General’s office is on track to publish draft CCPA regulations in October and final regulations by year end. Although the exact contours of the regulations are yet to be determined, businesses subject to the CCPA will need to understand the regulations and integrate their requirements into their CCPA compliance efforts.

The final piece of the CCPA puzzle should be in place by year end. According to Bloomberg Law, the California Attorney General’s office is on track to publish draft CCPA regulations in October and final regulations by the CCPA’s January 1, 2020, effective date. That report is in line with prior expectations that the AG’s office would publish draft regulations shortly after the California Governor’s October 13 deadline to sign the CCPA amendments that passed the legislature on September 13.

Although the CCPA becomes effective on January 1, 2020, the AG’s office cannot bring an enforcement action “until six months after the publication of final regulations . . . or July 1, 2020, whichever is sooner.” Therefore, it appears the AG’s office could potentially be poised to start enforcement actions prior to July 1, 2020.

Continue Reading Cal. AG Reportedly Will Issue Final CCPA Regulations by Year End: What Does it Mean?

Key Point: The FTC’s fine is the largest for any COPPA-related incident; however, two issues of first impression alleged in the Complaint could have a more significant impact over the long term.

Medicine doctor hand working with modern digital tablet

We previously reported that the Federal Trade Commission (“FTC”) entered into a settlement agreement with Facebook, Inc., which included a record-breaking $5 billion fine for repeat violations of consumers’ privacy rights. The FTC recently announced that it had entered into a settlement with Google, LLC (“Google”) and its subsidiary YouTube, LLC (“YouTube”), in which those entities will pay a $170 million fine for violating the Children’s Online Privacy Protection Act (“COPPA”) Rule. The $170 million fine is the largest the FTC has issued in a COPPA case since Congress enacted the law in 1998.

Continue Reading A Deeper Dive into the FTC’s Record-Breaking Fine to Google and YouTube for Violating the COPPA Rule