California Consumer Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.September 13 was the final day for the California legislature to pass bills amending the California Consumer Privacy Act (CCPA) prior to its January 1, 2020, effective date. After months of speculation and anticipation, we finally have clarity (subject to the Governor’s approval) on the CCPA’s provisions.

Although there were changes – and both business and privacy advocates are claiming victories – the CCPA did not undergo a dramatic change. For businesses, the most notable changes are the addition of limited exemptions for the personal information of employees and business to business contacts as well as changes to the definition of personal information. On the other hand, privacy advocates will point to what did not change, namely, the CCPA retained its core privacy rights.

Below we discuss the changes.


Continue Reading

Key Point: If signed by the Governor, the legislation will expand the types of personal information covered by the CCPA’s provision authorizing private litigants to seek statutory damages of between $100 and $750, per consumer per incident, for data breaches.

On September 6, the California legislature passed amendments to the state’s data breach notification statutes

data privacyOn July 11, Husch Blackwell’s privacy and data security practice group will host a webinar analyzing the Gramm-Leach-Bliley Act (GLBA) exemption in the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the following topics:

  • History of the CCPA’s GLBA exemption
  • Analysis of the GLBA’s definition of nonpublic personal information and relevant definitions

data privacyIn March we published an extensive analysis of proposed bills that would amend or supplement the California Consumer Privacy Act (CCPA). With a number of those bills having either passed the Assembly or been withdrawn , it is a good time to update our analysis.

In the below post, we identify and analyze these bills. In doing so, we first provide a summary of where the legislative process stands. We then analyze the most significant proposed changes and takeaways. Finally, we provide a table linking to each bill, identifying the issue to which it is directed, and providing an analysis of the bill’s proposed changes.

Over the next few months, Husch Blackwell’s privacy and data security blog will continue to track these bills. Register here to stay up-to-date.


Continue Reading

data privacyThose who have spent time critically thinking about the California Consumer Privacy Act (CCPA), can undoubtedly identify a number of ambiguities and uncertainties. Some of those may be resolved through the current legislative amendment process or the forthcoming Attorney General interpretive regulations. However, notwithstanding those efforts, there likely will be many unresolved issues when the CCPA becomes effective.

Continue Reading

data privacyKey Point:  Although not as far-reaching as the CCPA, the Nevada legislation will require entities subject to the statute to revise their online privacy notices and create an internal process to ensure compliance with the new opt-out right.

As we previously reported, the Nevada legislature has been considering legislation to amend Nevada’s existing online privacy notice statutes, NRS 603A.300 to .360. On May 23, 2019, the Nevada Assembly unanimously passed that legislation. The Senate previously passed it in April. The legislation is now headed to the Governor’s office for signature.

The legislation amends Nevada’s law in two notable ways. First, entities subject to the statute will need to establish a designated request address through which consumers can submit verified requests directing the entity not to make any “sale” of covered information collected about consumers. That provision will be enforceable only by the Nevada Attorney General’s office which can seek an injunction or $5,000 penalty for “each violation.” Second, the legislation excludes financial institutions subject to the Gramm-Leach-Bliley Act, HIPAA covered entities, and certain motor vehicle manufacturers from having to comply with the online privacy notice statute.


Continue Reading

data privacyKey Point: SB 561, which would have expanded the CCPA’s private right of action, has failed.

According to multiple reports, SB 561 failed to pass the California Senate on Thursday. The failure of SB 561 is a significant victory for businesses as the bill would have expanded the California Consumer Privacy Act’s (“CCPA”) private right of action to allow individual consumers to sue businesses for violations of the CCPA’s privacy-related rights. The current version of the CCPA only allows individual consumers to sue for certain types of data breaches and leaves enforcement of the CCPA’s privacy-related rights to the California Attorney General’s office. SB 561 was backed by the California Attorney General’s office and privacy-rights organizations. It was strongly opposed by business interests. You can read more about SB 561’s failure here and here. 


Continue Reading

data privacyOn June 5, Husch Blackwell’s privacy and data security practice group will host another webinar on the California Consumer Privacy Act (CCPA). In this webinar, we will:

  • Provide a brief overview of the CCPA and its requirements
  • Analyze the current proposed amendments and how they would modify the CCPA
  • Discuss the proposed amendments that have

Texas flagAs we previously reported, the Texas legislature has been considering two bills directed at addressing consumer privacy. Those bills were proposed in the wake of last year’s enactment of the California Consumer Privacy Act.

On May 7, 2019, the Texas House voted overwhelmingly to pass one of those bills – HB 4390 – however, the version it passed was significantly amended and will no longer provide any privacy rights to Texas residents.


Continue Reading