Just as we were getting used to the California Consumer Privacy Act of 2018 (the “CCPA”), Californians voted to approve Proposition 24, the California Privacy Rights Enforcement Act of 2020 (the “CPRA”). For now, the CCPA is still with us – the CPRA becomes effective on January 1, 2023 – but companies that do business in California need to address the new industry requirements, consumer privacy rights, and enforcement mechanisms as far in advance as…

LOS ANGELES—Jeffer Mangels Butler & Mitchell LLP (JMBM) is pleased to announce that Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, has been recognized by the Daily Journal as one of California’s Top Cyber Lawyers. As reported by the Daily Journal, his clients include companies that operate within large and complex data environments, particularly those with international operations and regulatory challenges. In the Daily Journal’s profile, Gold said: “Threats and exploits and hacks…

Many races and initiatives that California voters considered on November 3 are still undecided, but Proposition 24, the California Privacy Rights Act of 2020 (the “CPRA”) isn’t one of them. The California electorate approved Proposition 24 by a comfortable margin – 56% of Californians voted in favor. Like its predecessor the California Consumer Privacy Act of 2018 (the “CCPA”), the impact of the CPRA won’t be felt immediately. It goes into effect on January 1,…

Are your cybersecurity management practices reasonable? Do you know your risk tolerance? Are you covering all the cybersecurity bases that make up reasonable cybersecurity? The California Consumer Privacy Act (CCPA) and other emerging laws require organizations to have “reasonable cybersecurity practices.” The challenge is that there is no accepted definition of exactly what “reasonable” means. Addressing this challenge, Robert Braun, co-chair of JMBM’s Cybersecurity & Privacy Group, will participate as a panelist for the online…

On September 29, California Governor Gavin Newsom signed an amendment (AB 1281) that extends the California Consumer Privacy Act (CCPA) partial employee and business-to-business exemptions through December 31, 2021. The extended exemptions may provide some relief to businesses struggling to comply with changing local, state and federal COVID-19 requirements. Partial Employee and B2B Exemptions The amendment extended the exception for businesses from complying with certain CCPA requirements with respect to the personal information of California…

The Blackbaud Breach In July of this year, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of administration, fundraising, and financial management software, notified its clients that it had discovered and stopped a ransomware attack.  In a public statement, Blackbaud described the attack: In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, our Cyber…

Shrems II – Groundhog Day, All Over Again Past is Prologue One of the keys to the European’s Union data protection regime has been the prohibition against transferring personal data from EU countries to jurisdictions that do not have regimes that, in the determination of the EU, provide adequate protection to consumers. Beginning in 2000 the U.S. – EU Safe Harbor Framework allowed U.S. companies to certify their compliance with EU data protection requirements, and…