When it comes to privacy compliance, businesses will have a lot on their plate in 2023. Major changes to the California Consumer Privacy Act (CCPA) are going into effect (including the expiration of employee data exemption), as well as four new state privacy laws. Among these is the Utah Consumer Privacy Act (UCPA).
Read More
As 2023 approaches and a new round of data privacy laws are slated to take effect, business leaders are scrambling to determine which laws apply to their companies and how to juggle multi-state compliance. The Connecticut Data Privacy Act (CDPA) is one of those laws, going into effect on July 1, 2023.
Read More
A simple browser signal may have the power to reshape online privacy.
Read More
There are a lot of misconceptions surrounding cookie banners and data privacy laws like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). The proliferation of cookie pop-ups and consent banners has led many to believe they are required, even when they are not (they are required in Europe, but more on that below). More dangerously, some believe that adding a cookie banner to their website is all that is required for privacy compliance, which is...
Read More
Since it was passed in 2018, the California Consumer Privacy Act (CCPA) has been seen as mainly an issue for marketing and eCommerce teams—i.e., people who deal with customers and website visitors. Even though they handle large volumes of personal information, human resources departments have been spared many of the privacy law’s requirements because they deal exclusively with internal data from job applicants, employees, and contractors.
Read More
Article Highlights: California Age-Appropriate Design Code Act extends beyond existing COPPA protections All minors under 18 years old are protected Major restrictions where online services are likely to be accessed by children
Read More
Article Highlights: Exemption set to expire on January 1, 2023 Employee and B2B data will be treated like any other personal information Businesses should revisit several areas of their CCPA compliance
Read More
Article Highlights: CCPA enforcement remains robust Case examples emphasize ease of user experience for consumers Exchange of personal information for services is considered a "sale"
Read More
Article Highlights: First major fine for violation of the CCPA Sephora website had no method to opt-out of sale of personal information & no implementation of the Global Privacy Control standard Fines likely to be more common as the mandatory 30-day cure period expires California Attorney General Rob Bonta announced that his office has recently settled a case with makeup retailer Sephora over a number of violations of the California Consumer Privacy Act (CCPA). The settlement requires Sephora...
Read More
The momentum of states passing their own privacy laws is showing no signs of slowing down. The Connecticut legislature recently passed the Connecticut Data Privacy Act (CTDPA), which was then signed into law by Governor Ned Lamont. A trend that began with Europe’s General Data Protection Regulation (GDPR) and then the California Consumer Privacy Act (CCPA) seems to be picking up pace—the CTDPA is the second such state law passed just in the first half of 2022, following right on the heels of...
Read More
Recently signed into law by Governor Spencer Cox, the Utah Consumer Privacy Act (UCPA) is now the nation’s fourth data privacy law to go on the books. While it does not go into effect until December 31, 2023, it’s never too early to learn about the new law and how it compares to privacy legislation in other states.
Read More
In a recent press release, California Attorney General Rob Bonta made it clear that customer loyalty programs are an enforcement priority for California Consumer Privacy Act (CCPA) compliance. His office sent out 30-day cure notices to a number of “major corporations in the retail, home improvement, travel, and food services industries.” Companies that fix any alleged violations of the data privacy law within that time period will face no further penalties.
Read More
If the California Consumer Privacy Act (CCPA) applies to your business, there is no question you should already be in compliance with the privacy law. Enforcement began in July 2020, and with the creation of the California Privacy Protection Agency (CPPA), the expectation is that enforcement activities will increase dramatically. Some businesses have held off on making the required changes, as they weigh the risks and costs of non-compliance. Others may not yet realize that the CCPA applies to...
Read More
Virtually any business that works in the healthcare space will be accessing and managing health information. If personally identifiable information (PII) is linked with medical information, that data is considered protected health information (PHI), a special class of data that must be secured according to HIPAA standards. But building a HIPAA-compliant application requires expert knowledge in engineering for security as well as the law itself. There are few small businesses that have the...
Read More