California Consumer Privacy Act

On June 24, 2020, the California Secretary of State announced that county election officials had validated enough signatures through the random signature validation process to make the California Privacy Rights Act of 2020 (a/k/a CCPA 2.0) eligible for the November 3, 2020 ballot. The final projected valid signatures based on the random sample validation process

In early June, the California Attorney General filed final CCPA regulations with the California Office of Administrative Law. The final regulations were accompanied by a 59-page Final Statement of Reasons along with six appendices containing over 500 pages of comments on the regulations and the Attorney General’s responses to those comments. One of the many topics that the Attorney General’s office discussed was the final regulation’s requirements for drafting privacy policies. Given that the drafting of a privacy policy is a necessary part of CCPA compliance, it is worth analyzing those comments.

Continue Reading Analyzing the California Attorney General’s Comments on Drafting Privacy Policies

The California Attorney General’s office just published final CCPA regulations. The Attorney General also submitted a written justification requesting an expedited review of the regulations and an effective date upon the filing of the regulations with Secretary of State.

Join us on Friday, June 5, 2020, from noon to 1:00 CDT for a live webinar

In this 25 minute on-demand webinar, Husch Blackwell attorneys David Stauss and Malia Rogers provide an overview of the California Privacy Rights Act (CPRA or CCPA 2.0), which is currently on track to appear on the November 2020 California ballot. If passed, the CPRA will significantly amend and expand the California Consumer Privacy Act.

Keypoint: If the California Privacy Rights Act is approved by voters in November, it would trigger a series of deadlines ultimately culminating in a January 1, 2023 effective date and July 1, 2023 enforcement date.

On May 4, 2020, privacy advocates reported that they were submitting over 900,000 signatures to qualify the California Privacy Rights Act (CPRA or CCPA.20) for the November election. Assuming the initiative passes the signature verification process, it would be on the November 3, 2020 ballot and become law if approved by a simple majority of California voters.

If the CPRA does pass in November, it will trigger a complicated timeline of staggered effective and enforcement dates and regulatory rulemaking deadlines.


Continue Reading CCPA 2.0: Analysis of the California Privacy Rights Act’s Implementation Timeline

Keypoint: The use of no-contact temperature taking devices can be an important part of a company’s return-to-work program, but companies should fully vet these devices to ensure that they are not unintentionally violating privacy laws or exposing themselves to potential liabilities.

As U.S. companies start planning and implementing return-to-work plans, many are considering whether to use no-contact temperature taking devices.

The federal government has recognized that taking temperatures is a step that companies can take to mitigate the risk of spreading coronavirus. For example, the CDC interim guidance for critical infrastructure workers recommends that employers “measure the employee’s temperature and assess symptoms prior to them starting work.” EEOC return-to-work guidance also recognizes that employee screening “may include continuing to take temperatures . . . of all those entering the workplace.”

States and cities also have recommended taking temperatures. For example, in Colorado, the Governor’s office has encouraged large workplaces to implement symptom and temperature checks as part of the state’s gradual return-to-work strategy. New York Mayor Bill de Blasio has stated that temperature checks will be part of the City’s return-to-work program. New Jersey Governor Phil Murphy suggested that restaurants could check temperatures before allowing customers to enter.

However, the taking of temperatures creates logistical issues such as who should take the temperatures, what precautions should be in place, and when and where the temperatures should be taken. As with many other facets of this pandemic, companies have looked to technology to answer some of these questions, and there are many solutions – some old, some new – in the marketplace.

Depending on the type of device, the use of no-contact temperature taking devices can raise numerous privacy issues. As companies begin to vet and implement these devices, they will need to ensure that they do not unintentionally violate privacy laws or assume potential liabilities.


Continue Reading U.S. Privacy Law Implications with the Use of No-Contact Temperature Taking Devices

Keypoint: If properly deployed, the use of COVID-19 contact-tracing apps by employers, in combination with other measures, could be an effective way to return employees to the workforce. However, before deploying these apps, employers should take caution to fully vet the technologies being used to ensure that employee privacy is respected.

As the United States and Europe have started the process of returning to work, the development, deployment, and use of COVID-19 contact-tracing apps has become a focal point for how governments intend to mitigate risk. ChinaSingapore, and South Korea have already implemented national contact-tracing apps. European countries and Australia have been rapidly working towards their deployment.

In connection with the rapid development of governmental contact-tracing apps, tech companies have started to develop similar apps for employers. A handful of employer-focused contact-tracing apps are already on the market and many more are in development. Some employers are already planning to deploy these apps. For example, Ferrari recently announced that it will utilize a contact-tracing app as part of its “Back on Track” plan.

The use of these apps raises numerous privacy concerns for U.S. employers. As employers begin to vet these apps, they will need to ensure that they do not unintentionally violate privacy laws or assume liabilities by deploying them with their workforce.


Continue Reading U.S. Privacy Law Implications for Employers Considering Employee Contact-Tracing Apps

Keypoint: The AG’s office again signals that the CCPA’s July 1 enforcement deadline will not be extended.

In another sign that the California Attorney General has no plans to delay the CCPA’s July 1, 2020, enforcement deadline, on Friday April 10, 2020, the AG’s office issued a press release reminding California residents of their data privacy rights during the COVID-19 pandemic.


Continue Reading CCPA Update: AG Says CCPA Privacy Rights Now “More Important Than Ever”