Lately, seemingly following California’s lead, a member of the New York State Legislature proposed legislation which would have solidifies the privacy rights of individuals in New York. The proposed bill was hailed as providing stronger protection for individuals that the California Privacy Act. Notably, it would provide increased transparency to let individuals know what data companies collected, who they’ve shared that data with, make certain requests that it be corrected or deleted, and choose to…

One of the larger exemptions to being deemed a seller of personal data under the CCPA is the “service provider” exemption. I am not going to quote the statutory language as frankly its written in a confusing way. But the CCPA states that a business will not be deemed a seller of personal data, with respect only to its relationship with a service provider, where such business uses or shares with a service provider personal…

New York was concerned that companies with sensitive data, such as people’s banking information, social security numbers and other financial records could be unlawfully accessed by hackers (other nations, individuals, companies). The New York Department of Financial Services (“DFS”) has promulgated regulations entitled the “Cybersecurity Requirements for Financial Services Companies” which can be found at 23 NYCRR 500. The regulation applies to “Covered Entities” which means any person or individual holding a permit or…

New York was concerned that companies with sensitive data, such as people’s banking information, social security numbers and other financial records could be unlawfully accessed by hackers (other nations, individuals, companies). The New York Department of Financial Services (“DFS”) has promulgated regulations entitled the “Cybersecurity Requirements for Financial Services Companies” which can be found at 23 NYCRR 500. The regulation applies to “Covered Entities” which means any person or individual holding a permit or…

So while the California Consumer Privacy Act of 2018 won’t take effect until 2020 (or later depending on when the regulations are issued), when it does go into effect, part of it will require companies who are subject to the act to have kept records of the data collected within the 12 months prior to the effectiveness of the act. This seems a little retroactive in application and its questionable legally of how this will…

So while the California Consumer Privacy Act of 2018 won’t take effect until 2020 (or later depending on when the regulations are issued), when it does go into effect, part of it will require companies who are subject to the act to have kept records of the data collected within the 12 months prior to the effectiveness of the act. This seems a little retroactive in application and its questionable legally of how this will…

We introduced the California Consumer Privacy Act of 2018 (CCPA) before, and there has been some updates since then.  While the CCPA was to take effect on January 1, 2020, the date of effectiveness and the date when the California Attorney General has to promulgate the regulations for same has been pushed back to July 1, 2020.  Similarly, the time of enforcement of same is to be that date if the regulations are published…