On June 24, 2020, the California Secretary of State announced that county election officials had validated enough signatures through the random signature validation process to make the California Privacy Rights Act of 2020 (a/k/a CCPA 2.0) eligible for the November 3, 2020 ballot. The final projected valid signatures based on the random sample validation process was 718,233 signatures, well in excess of the requirement.

The measure will now move to the November ballot. Polling previously released by the Californians for Consumer Privacy – the advocacy group that submitted the CPRA – indicated that 88% of California voters supported the measure.

If passed, the CPRA will significantly revise the CCPA’s requirements. For a discussion of the CPRA, see our on-demand webinar available here.

In early June, the California Attorney General filed final CCPA regulations with the California Office of Administrative Law. The final regulations were accompanied by a 59-page Final Statement of Reasons along with six appendices containing over 500 pages of comments on the regulations and the Attorney General’s responses to those comments. One of the many topics that the Attorney General’s office discussed was the final regulation’s requirements for drafting privacy policies. Given that the drafting of a privacy policy is a necessary part of CCPA compliance, it is worth analyzing those comments.

Continue Reading Analyzing the California Attorney General’s Comments on Drafting Privacy Policies

On May 26, the District Court found in the In Re: Capital One Consumer Data Security Breach Litigation, MDL No. 1:19md2915 (AJT/JFA)(ED VA) that a report prepared by Mandiant concerning the Capital One data breach (Breach Report) was not protected by the work product privilege and must be turned over to Plaintiffs. Continue Reading Breach Report in Capital One Litigation Not Privileged

The California Attorney General’s office just published final CCPA regulations. The Attorney General also submitted a written justification requesting an expedited review of the regulations and an effective date upon the filing of the regulations with Secretary of State.

Join us on Friday, June 5, 2020, from noon to 1:00 CDT for a live webinar taking a first look at the final regulations.

To register for the webinar, click here.

Keypoint: If passed, the bill would create a regulatory structure around the use of contact-tracing apps, including requiring operators of such services to obtain affirmative express consent, provide privacy disclosures, not transfer the data unless under certain circumstances, and delete the data on demand or within thirty days.

According to multiple sources, a bipartisan group of Senators plan to introduce a bill to regulate the use of contact-tracing and exposure notification apps. The bill, entitled the “Exposure Notification Privacy Act” is the latest in a series of bills that seek to regulate these new apps. Previous competing bills were submitted by Republican and Democrat Senators. The new bipartisan bill raises hopes that federal privacy legislation (albeit on a limited issue) may finally pass.

Below is a discussion of the Act’s relevant provisions.

Continue Reading Bipartisan Group of Senators Proposes Privacy Bill for COVID-19 Contact-Tracing Apps

In this 25 minute on-demand webinar, Husch Blackwell attorneys David Stauss and Malia Rogers provide an overview of the California Privacy Rights Act (CPRA or CCPA 2.0), which is currently on track to appear on the November 2020 California ballot. If passed, the CPRA will significantly amend and expand the California Consumer Privacy Act. David and Malia provide a background on the CPRA and its current status, analyze its notable provisions, and discuss its implementation timeline.

Click here to view the webinar.

Resulting in Zoom Promising to Implement an Information Security Program, Resembling the SHIELD Act

Key point: The Letter of Agreement between the New York Attorney General and Zoom Video Communications, Inc. provides insight into what the Attorney General may consider satisfying the Reasonable Safeguards requirement under the SHIELD Act.

On May 7, 2020 Zoom Video Communications, Inc. (Zoom) became the first company to experience one of the new enforcement tools available to the New York Attorney General’s Office (NYAG) under the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).

The SHIELD Act took effect on March 21, 2020, and requires any person or business owning or licensing computerized data containing the private information of a New York resident “to develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of that private information.” GBL § 899-BB(2).

Continue Reading Zoom’s Popularity Leads to New York Investigating Its Security Flaws

Keypoint: If the California Privacy Rights Act is approved by voters in November, it would trigger a series of deadlines ultimately culminating in a January 1, 2023 effective date and July 1, 2023 enforcement date.

On May 4, 2020, privacy advocates reported that they were submitting over 900,000 signatures to qualify the California Privacy Rights Act (CPRA or CCPA.20) for the November election. Assuming the initiative passes the signature verification process, it would be on the November 3, 2020 ballot and become law if approved by a simple majority of California voters.

If the CPRA does pass in November, it will trigger a complicated timeline of staggered effective and enforcement dates and regulatory rulemaking deadlines.

Continue Reading CCPA 2.0: Analysis of the California Privacy Rights Act’s Implementation Timeline

Keypoint: Advocates seem certain that they have done enough to qualify CCPA 2.0 for the November ballot.

On May 4, 2020, the Californians for Consumer Privacy advocacy group announced that they were submitting over 900,000 signatures to qualify the California Privacy Rights Act (CPRA, commonly referred to as “CCPA 2.0”) for the November 2020 ballot. As discussed in our prior post, privacy advocates were required to collect and submit 623,212 signatures to qualify the CPRA for the November ballot. However, given that signatures need to be verified, it is typical for advocates to submit many more signatures than is necessary.

The initiative will now enter the signature verification process. The Californians for Consumer Privacy appeared certain that they had done enough to qualify the CPRA for the November election, posting on Twitter: “Today we submitted signatures to qualify CPRA2020 for the November ballot. See you at the ballot box!”

For a discussion of CCPA 2.0 and how it would change the CCPA’s requirements, click here.