![Photo of David Stauss [Former Attorney]](https://lexblogplatform.com/wp-content/uploads/sites/631/userphoto/7147-1572288796.jpg)
On June 5, Husch Blackwell’s privacy and data security practice group will host another webinar on the California Consumer Privacy Act (CCPA). In this webinar, we will:
As we previously reported, the Texas legislature has been considering two bills directed at addressing consumer privacy. Those bills were proposed in the wake of last year’s enactment of the California Consumer Privacy Act.
On May 7, 2019, the Texas House voted overwhelmingly to pass one of those bills – HB 4390 – however, the version it passed was significantly amended and will no longer provide any privacy rights to Texas residents.
[Update: After publication of the below post, AB 1035 was amended to remove the below-referenced language. The fact that the California legislature considered defining what constitutes “reasonable security procedures and practices” for purposes of the CCPA’s private right of action but, at least as of now, did not proceed with such legislation leaves businesses subject to the CCPA with little to no legislative direction as to how they can demonstrate that they are undertaking reasonable security procedures and practices. It also exposes the CCPA to the argument that the subject language is void for vagueness. Given the substantial penalties businesses are exposed to under the CCPA’s private right of action, the failure of the legislature to address this issue is notable especially considering that Ohio implemented legislation last year that California could have used as a guide.]
Given the near ubiquitous coverage of proposed CCPA amendments, it may be hard to believe that any bill could fly under the radar, but that appears to be the case with AB 1035, which would amend the CCPA’s private right of action to link “reasonable security procedures and practices” to NIST standards.
As we first reported in February, the Nevada legislature has been considering legislation that would amend its online privacy notice statutes, NRS 603A.300 to 360. Among other things, Nevada’s existing law requires “operators” to provide a notice to consumers that (1) identifies the types of information the operator collects online, (2) describes the process (if any) for consumers to review or request changes to their information, (3) describes the process by which the operator notifies consumers of changes to the notice, and (4) discloses whether a third party may collect covered information about an individual’s online activities over time and across different Internet websites or online services.
Although there certainly will be more bills proposed to amend the California Consumer Privacy Act (CCPA), there already are a significant number of bills that have been working their way through the legislative process. One of these bills – SB561, which would expand the CCPA’s private right of action – received widespread attention when it was introduced
Thank you to everyone who attended our webinar “Complying with the California Consumer Privacy Act.” For those who were unable to attend, you can listen to the recording and obtain a copy of the slide deck by clicking here.
In our prior blog post, we discussed how the Washington Privacy Act (WPA) had passed the state’s senate and would be taken up by the state’s House of Representatives. On March 22, 2019, the House Innovation, Technology & Economic Development Committee held a public hearing on the legislation. A recording of the almost two-hour hearing
With CCPA compliance efforts ramping up, Husch Blackwell’s privacy and data security practice group compiled the most frequently asked client questions and answers into one resource – the California Consumer Privacy Act Guidebook. The CCPA Guidebook is a great resource for any entity that is trying to understand the CCPA and what it will require
On Wednesday, Washington took a major step towards becoming the second state to enact broad privacy legislation when its state senate approved the Washington Privacy Act. The bill passed the senate with overwhelming bipartisan support on a vote of 46-1 (with 2 excused). It now moves to the House where a companion bill has
One of the myriad of issues arising from the California Consumer Privacy Act (CCPA) is the extent to which financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) must comply with the CCPA’s requirements in light of Section 1798.145(e), which provides that the CCPA “shall not apply to personal information collected, processed, sold, or disclosed pursuant to [the GLBA], and implementing regulations.” Because the CCPA’s definition of “personal information” is broader than the GLBA’s definition of “nonpublic personal information,” financial institutions have been faced with the daunting task of not only data mapping but also classifying that data based on whether it is subject to the GLBA.