The California Privacy Protection Agency Board (the “Board”) held a public meeting on February 3, 2023, adopting and approving the current set of draft rules (the “Draft Rules”), which implement and clarify the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (“CPRA”). The Draft Rules cover many CCPA requirements, including restrictions on the collection and use of personal information, transparency obligations, consumer rights and responding to consumer requests, and service provider contract requirements. At the meeting, the Board also addressed additional proposed rulemaking processes concerning cybersecurity audits, risk assessments, and automated decision-making.
In our previous blog, we featured the California Privacy Rights Act’s Enhanced Cybersecurity Safeguards.[1] We now highlight significant privacy safeguards under the California Privacy Rights Act (“CPRA”) that will require advance planning in preparation for its January 1, 2023 effective date.[2] These new requirements will impact the collection and use of personal information across each organization. In particular, businesses, at a minimum, will need to assess and plan for:
- the effective implementation of data minimization policies, practices, and ...
The California Privacy Rights Act (“CPRA”) leaps forward on cybersecurity by amending the California Consumer Privacy Act (“CCPA”) to impose enhanced protections. The CPRA enhancements apply to “for profit” companies and other organizations: (a) with more than $25 million in gross revenues in the preceding calendar year, or (b) that annually buy, sell or share the personal information of 100,000 or more consumers or households, or (c) that derive at least 50 percent of their annual revenue from selling or sharing consumer personal information ...
As the COVID-19 pandemic continues to affect workplaces throughout the world, employers are considering new ways to ensure a safe workplace when employees return to the office. Outside the US, employers must balance their duty of care to protect the health and safety of all their employees with safeguarding employees’ privacy and complying with data protection regulations. Many employers already have analyzed whether they may require or request employees to (i) submit to COVID-19 testing at the workplace, (ii) certify certain health information regarding exposure to ...
Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing ...
Blog Editors
Recent Updates
- Updated for 2025: Epstein Becker Green’s Free Wage-Hour App
- Employers Should Plan for the Impact of Evolving Social Policy on Their Workforce
- Video: Federal Agencies Begin Compliance Efforts Under Trump Administration - Employment Law This Week
- Video: How Will Trump’s Federal Changes Impact Employers? - Employment Law This Week
- DEI Dead at Revamped EEOC: EEOC Enforcement Priorities After Trump Administration Makeover