California Consumer Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The modified proposed regulations make substantial changes to the proposed regulations, including modifying how consumer notices must be drafted and changing some of the requirements for receiving and responding to consumer requests.

On Friday, February 7, 2020, the California Attorney General’s office published a notice of modifications to the text of the proposed regulations regarding the California Consumer Privacy Act (CCPA). The AG’s office also published redline and clean versions of the modified regulations.

The changes modify the proposed regulations published by the Attorney General’s office on October 11, 2019. The changes are the result of four public hearings held in December 2019 and the submission of over 1,700 pages of written comments. The Attorney General’s notice states that the department will accept written comments on the proposed changes until 5:00 p.m. on February 24, 2020.

Based on guidance previously published by the Attorney General’s office, this abbreviated comment period reflects the Attorney General’s determination that the changes are “substantial and sufficiently related,” but not “major,” which would require a new 45-day comment period. Following review of written comments, the Attorney General’s office will publish an updated informative digest and final statement of reasons (with summary and response comments) in addition to the final text of the regulations.

Members of Husch Blackwell’s privacy and data security practice group will host a webinar on Wednesday, February 12 at noon CST to review and discuss the modified regulations. To register, click here.

Below is our analysis of the modified regulations.


Continue Reading

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: Those hoping that the final CCPA regulations will clarify its requirements may be disappointed. 

According to an article in Bloomberg Law, California Attorney General Becerra does not anticipate his office making substantial changes to the regulations as proposed when it issues the final regulations.

The AG’s office published the proposed regulations on October

With less than 60 days until the California Consumer Privacy Act (CCPA) goes into effect, businesses need to aggressively focus their compliance efforts. Although each organization will face unique compliance challenges, all businesses need to tackle a discrete set of tasks – at a minimum – to comply by January 1, 2020.

Join us on

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Saturday, November 2, will mark 60 days until the California Consumer Privacy Act (CCPA) goes into effect. While each organization will have its unique compliance challenges, as discussed below, there are a discrete set of tasks – at a minimum – that each organization needs to undertake in the next 60 days as the first steps toward compliance.

In addition, on November 13, members of Husch Blackwell’s privacy and cybersecurity practice group will present a webinar to discuss these tasks in greater detail.  For more information or to register, click here.


Continue Reading

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The long-awaited proposed AG regulations are here, and while they provide some much-needed clarity, they will leave businesses wanting more.

On October 10, 2019, the California Attorney General’s office published its long-awaited proposed CCPA regulations. The AG’s office also announced that it will hold public hearings on the regulations on December 2, 3, 4 and 5, 2019, and that the written comment period will end on December 6, 2019, at 5:00 p.m.

In the following blog post, we will analyze and discuss many of these proposed regulations. In addition, members of Husch Blackwell’s privacy and data security practice group will host a webinar on Tuesday, October 15, from 12:00-1:30 p.m. CT, to analyze the proposed regulations.  Click here to register.


Continue Reading

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.We previously posted that Alastair Mactaggart, one of the co-authors of the California Consumer Privacy Act (CCPA), intended to submit a new ballot initiative to strengthen the privacy rights that already exist in the CCPA. The full text of the ballot measure – which is entitled the California Consumer Privacy Rights and Enforcement Act of 2020 – is now available on the California Attorney General’s website.  There also is an annotated version of the initiative available here.

While Mactaggart’s press release identified a few of the proposed changes, our initial review of the initiative is that it would bring about a substantial rewrite of the CCPA.  While there is a lot to unpack in this initiative, here are our initial highlights:


Continue Reading