On August 30, 2020, the California legislature passed Assembly Bill 1281, which extends the CCPA’s business-to-business and employee exemptions by one year until January 1, 2022. The bill now moves to the California Governor’s office.
Continue Reading CCPA Update: Legislature Extends Business-to-Business and Employee Exemptions for One Year

Keypoint: Some additional changes to the CCPA regulations were made before they were filed with the Secretary of State and became effective.

As discussed in our prior post, on Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective.

Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below:


Continue Reading CCPA Update: Analyzing the Changes to the Final CCPA Regulations

In this 25 minute on-demand webinar, Husch Blackwell attorneys David Stauss and Malia Rogers provide an overview of the California Privacy Rights Act (CPRA or CCPA 2.0), which is currently on track to appear on the November 2020 California ballot. If passed, the CPRA will significantly amend and expand the California Consumer Privacy Act.

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The modified proposed regulations make substantial changes to the proposed regulations, including modifying how consumer notices must be drafted and changing some of the requirements for receiving and responding to consumer requests.

On Friday, February 7, 2020, the California Attorney General’s office published a notice of modifications to the text of the proposed regulations regarding the California Consumer Privacy Act (CCPA). The AG’s office also published redline and clean versions of the modified regulations.

The changes modify the proposed regulations published by the Attorney General’s office on October 11, 2019. The changes are the result of four public hearings held in December 2019 and the submission of over 1,700 pages of written comments. The Attorney General’s notice states that the department will accept written comments on the proposed changes until 5:00 p.m. on February 24, 2020.

Based on guidance previously published by the Attorney General’s office, this abbreviated comment period reflects the Attorney General’s determination that the changes are “substantial and sufficiently related,” but not “major,” which would require a new 45-day comment period. Following review of written comments, the Attorney General’s office will publish an updated informative digest and final statement of reasons (with summary and response comments) in addition to the final text of the regulations.

Members of Husch Blackwell’s privacy and data security practice group will host a webinar on Wednesday, February 12 at noon CST to review and discuss the modified regulations. To register, click here.

Below is our analysis of the modified regulations.


Continue Reading CCPA Update: AG’s Office Publishes Modified Proposed Regulations

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: Those hoping that the final CCPA regulations will clarify its requirements may be disappointed. 

According to an article in Bloomberg Law, California Attorney General Becerra does not anticipate his office making substantial changes to the regulations as proposed when it issues the final regulations.

The AG’s office published the proposed regulations on October

With less than 60 days until the California Consumer Privacy Act (CCPA) goes into effect, businesses need to aggressively focus their compliance efforts. Although each organization will face unique compliance challenges, all businesses need to tackle a discrete set of tasks – at a minimum – to comply by January 1, 2020.

Join us on

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Saturday, November 2, will mark 60 days until the California Consumer Privacy Act (CCPA) goes into effect. While each organization will have its unique compliance challenges, as discussed below, there are a discrete set of tasks – at a minimum – that each organization needs to undertake in the next 60 days as the first steps toward compliance.

In addition, on November 13, members of Husch Blackwell’s privacy and cybersecurity practice group will present a webinar to discuss these tasks in greater detail.  For more information or to register, click here.


Continue Reading 60 Days Until The CCPA Goes Into Effect: Are You Ready?

Keypoint: As of January 1, 2020, manufacturers of IoT devices will need to comply with new laws in California and Oregon.

It may be hard to believe but the California Consumer Privacy Act is not the only new law that will go into effect on January 1, 2020. Rather, new laws in California and Oregon that regulate IoT devices also will go into effect on that date. Below is an overview of those laws.


Continue Reading Two New State IoT Laws Go into Effect on January 1